Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
06 Sep 2024, 21:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:* |
|
First Time |
Ivanti neurons For Itsm
Ivanti |
|
References | () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
Summary |
|
13 Aug 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 19:15
Updated : 2024-09-06 21:59
NVD link : CVE-2024-7570
Mitre link : CVE-2024-7570
CVE.ORG link : CVE-2024-7570
JSON object : View
Products Affected
ivanti
- neurons_for_itsm
CWE
CWE-295
Improper Certificate Validation