An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM | Vendor Advisory |
Configurations
History
01 Aug 2024, 13:45
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Apr 2024, 15:31
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ivanti
Ivanti neurons For Itsm |
|
CWE | CWE-434 | |
References | () https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM - Vendor Advisory | |
CPE | cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:* |
31 Mar 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-31 02:15
Updated : 2024-08-01 13:45
NVD link : CVE-2023-46808
Mitre link : CVE-2023-46808
CVE.ORG link : CVE-2023-46808
JSON object : View
Products Affected
ivanti
- neurons_for_itsm
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type