Lucene search

3c1d8aa1-5a33-4ea4-8992-aadd6440af75NVD:CVE-2024-7569

HistoryAug 13, 2024 - 7:15 p.m.

CVE-2024-7569

2024-08-1319:15:16

CWE-922

CWE-215

3c1d8aa1-5a33-4ea4-8992-aadd6440af75

web.nvd.nist.gov

vulnerability

ivanti itsm

information disclosure

oidc

debug information

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

Affected configurations

Nvd

Node

ivantineurons_for_itsmMatch2023.2

ivantineurons_for_itsmMatch2023.3

ivantineurons_for_itsmMatch2023.4

VendorProductVersionCPE
ivantineurons_for_itsm2023.2cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:*
ivantineurons_for_itsm2023.3cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*
ivantineurons_for_itsm2023.4cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ivanti	neurons_for_itsm	2023.2	cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:::::::*
ivanti	neurons_for_itsm	2023.3	cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:::::::*
ivanti	neurons_for_itsm	2023.4	cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:::::::*

References

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.7%

JSON

Related for NVD:CVE-2024-7569