Lucene search

IvantiCVELIST:CVE-2024-7569

HistoryAug 13, 2024 - 6:10 p.m.

CVE-2024-7569

2024-08-1318:10:55

CWE-922

CWE-215

ivanti

www.cve.org

information disclosure

ivanti itsm

neurons for itsm

oidc client secret

debug information

cve-2024-7569

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "ITSM",
    "vendor": "Ivanti",
    "versions": [
      {
        "status": "affected",
        "version": "2023.4"
      },
      {
        "status": "unaffected",
        "version": "2023.4.0"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

Related for CVELIST:CVE-2024-7569