Lucene search

HackeroneCVELIST:CVE-2024-22060

HistoryMay 31, 2024 - 5:38 p.m.

CVE-2024-22060

2024-05-3117:38:31

hackerone

www.cve.org

cve-2024-22060

unrestricted file upload vulnerability

ivanti neurons for itsm

remote user

sensitive directories

web component

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

Percentile

9.0%

JSON

An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti ",
    "product": "ITSM",
    "versions": [
      {
        "version": "2023.3",
        "status": "affected",
        "lessThanOrEqual": "2023.3",
        "versionType": "semver"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-May-2024

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-22060