CVE-2024-7569

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*

History

06 Sep 2024, 21:57

Type Values Removed Values Added
CWE NVD-CWE-Other
References () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 - () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 - Patch, Vendor Advisory
CPE cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad de divulgación de información en Ivanti ITSM on-premise y Neurons for ITSM versiones 2023.4 y anteriores permite a un atacante no autenticado obtener el secreto del cliente OIDC a través de información de depuración.
First Time Ivanti neurons For Itsm
Ivanti
CVSS v2 : unknown
v3 : 9.6
v2 : unknown
v3 : 9.8

13 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 19:15

Updated : 2024-09-06 21:57


NVD link : CVE-2024-7569

Mitre link : CVE-2024-7569

CVE.ORG link : CVE-2024-7569


JSON object : View

Products Affected

ivanti

  • neurons_for_itsm
CWE
NVD-CWE-Other CWE-215

Insertion of Sensitive Information Into Debugging Code

CWE-922

Insecure Storage of Sensitive Information