224 matches found
Security Advisory Ivanti Neurons for ITSM (On-Premises Only) (CVE-2025-22462)
Security Advisory Ivanti Neurons for ITSM on-premises only CVE-2025-22462 Summary Ivanti has released updates for Ivanti Neurons for ITSM on-prem only which addresses one critical severity vulnerability. Depending on system configuration, successful exploitation could allow an unauthenticated...
Ivanti Neurons for ITSM 安全漏洞
Ivanti Neurons for ITSM is an automation platform for IT service management, based on artificial intelligence and machine learning technologies, designed to optimize the IT service delivery process and enhance user experience. An authentication bypass vulnerability exists in Ivanti Neurons for...
CVE-2024-7570
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user...
CVE-2024-7569
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information...
CVE-2024-22060
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server...
CVE-2024-53855
Centurion ERP Enterprise Rescource Planning is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management ITSM modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they...
The vulnerability of the OIDC protocol implementation in the IT service management tool Ivanti Neurons for ITSM allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the OpenID Connect OIDC implementation of the IT service management tool Ivanti Neurons for ITSM is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the OIDC protocol implementation in the IT service management tool Ivanti Neurons for ITSM allows a attacker to execute a type of “man-in-the-middle” attack.
The vulnerability of the OpenID Connect OIDC implementation in the IT service management tool Ivanti Neurons for ITSM is related to improper verification of certificates. Exploiting this vulnerability could allow a malicious actor to execute a “man-in-the-middle” attack...
Qualys VMDR & Core Apps Revamped: Ultimate Cyber Defense Partnership for Streamlined Vulnerability Management with ITSM
Introducing the Revamped VMDR & Core Apps Qualys has the dynamic duo of ServiceNow Apps – The Qualys Core App and Qualys VMDR App – that help you close the gap between IT and Security teams, making vulnerability management and ticketing workflows seamless and eliminating manual spreadsheet-based...
How to Use ITSM, SIEM, and SOAR to Remediate API Attacks
...
CVE-2024-7570
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user...
CVE-2024-7569
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information...
CVE-2024-7569
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information...
CVE-2024-7570
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user...
CVE-2024-7570
CVE-2024-7570 affects Ivanti ITSM on-prem and Neurons for ITSM (versions 2023.4 and earlier). The root cause is improper certificate validation, enabling a remote attacker in a network-positioned MITM to craft a token that grants access to ITSM as any user. The vulnerability is rated HIGH on both...
CVE-2024-7570
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user...
CVE-2024-7569
CVE-2024-7569 : Ivanti ITSM on-prem and Neurons for ITSM (versions 2023.4 and earlier) contain an information-disclosure flaw that allows an unauthenticated attacker to retrieve the OIDC client secret via debug information. Public sources consistently describe impact as high confidentiality risk ...
CVE-2024-7569
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information...
CVE-2024-7569
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information...
Security Advisory: Ivanti Neurons for ITSM (CVE-2024-7569, CVE-2024-7570)
Ivanti has released updates for Ivanti Neurons for ITSM which addresses a critical severity vulnerability and a high severity vulnerability. Please note: the patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes as of August 4. No further action is needed for cloud customers, we...