An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Sep 2024, 21:57
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
References | () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:* |
|
Summary |
|
|
First Time |
Ivanti neurons For Itsm
Ivanti |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
13 Aug 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 19:15
Updated : 2024-09-06 21:57
NVD link : CVE-2024-7569
Mitre link : CVE-2024-7569
CVE.ORG link : CVE-2024-7569
JSON object : View
Products Affected
ivanti
- neurons_for_itsm
CWE
NVD-CWE-Other
CWE-215
Insertion of Sensitive Information Into Debugging Code
CWE-922Insecure Storage of Sensitive Information