Vulnerabilities (CVE)

Filtered by vendor Ivanti Subscribe
Filtered by product Neurons For Itsm
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-7570 1 Ivanti 1 Neurons For Itsm 2024-09-06 N/A 8.1 HIGH
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
CVE-2024-7569 1 Ivanti 1 Neurons For Itsm 2024-09-06 N/A 9.8 CRITICAL
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
CVE-2023-46808 1 Ivanti 1 Neurons For Itsm 2024-08-01 N/A 9.9 CRITICAL
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.