CVE-2024-7570

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*

History

06 Sep 2024, 21:59

Type Values Removed Values Added
CPE cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:*
First Time Ivanti neurons For Itsm
Ivanti
References () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 - () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : 8.3
v2 : unknown
v3 : 8.1
Summary
  • (es) La validación de certificados incorrecta en Ivanti ITSM on-premise y Neurons for ITSM Versiones 2023.4 y anteriores permite a un atacante remoto en una posición MITM crear un token que permitiría el acceso a ITSM como cualquier usuario.

13 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 19:15

Updated : 2024-09-06 21:59


NVD link : CVE-2024-7570

Mitre link : CVE-2024-7570

CVE.ORG link : CVE-2024-7570


JSON object : View

Products Affected

ivanti

  • neurons_for_itsm
CWE
CWE-295

Improper Certificate Validation