14 matches found
CVE-2026-9614
An Improper Access Control vulnerability in Ivanti Neurons for ITSM cloud and on-premises allows a remote authenticated attacker to gain administrative access...
CVE-2026-9614
An Improper Access Control vulnerability in Ivanti Neurons for ITSM cloud and on-premises allows a remote authenticated attacker to gain administrative access...
CVE-2026-9614
CVE-2026-9614 affects Ivanti Neurons for ITSM (cloud and on‑premises) with an Improper Access Control flaw that lets a remote authenticated attacker gain administrative access. On‑premises versions 2025.4 and earlier are vulnerable; fixed in 2025.4 Patch 1, 2025.3 Patch 1, or 2025.2 Patch 1. Clou...
Ivanti Neurons for ITSM 跨站脚本漏洞
Ivanti Neurons for ITSM is a reliable and powerful IT service management solution from the American company Ivanti. Versions of Ivanti Neurons for ITSM prior to 2025.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-cross-site scripting, and it could allow...
Ivanti Neurons for ITSM Installed (Windows)
Binary data ivantineuronsforitsm.nbin...
Vulnerability fixed in Ivanti Neurons for ITSM
Ivanti has fixed a vulnerability in Ivanti Neurons On-prem for ITSM Versions for 2023.4, 2024.2, and 2024.3 The vulnerability involves a critical authentication bypass that allows remote, unauthenticated attackers to gain administrative access. This could lead to unauthorized actions within the...
CVE-2025-22462
An authentication bypass in Ivanti Neurons for ITSM on-prem only before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system...
Ivanti Neurons for ITSM 安全漏洞
Ivanti Neurons for ITSM is an automation platform for IT service management, based on artificial intelligence and machine learning technologies, designed to optimize the IT service delivery process and enhance user experience. An authentication bypass vulnerability exists in Ivanti Neurons for...
The vulnerability of the OIDC protocol implementation in the IT service management tool Ivanti Neurons for ITSM allows a attacker to execute a type of “man-in-the-middle” attack.
The vulnerability of the OpenID Connect OIDC implementation in the IT service management tool Ivanti Neurons for ITSM is related to improper verification of certificates. Exploiting this vulnerability could allow a malicious actor to execute a “man-in-the-middle” attack...
The vulnerability of the OIDC protocol implementation in the IT service management tool Ivanti Neurons for ITSM allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the OpenID Connect OIDC implementation of the IT service management tool Ivanti Neurons for ITSM is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
Security Advisory May 2024
Vulnerabilities have been discovered in the following Ivanti solutions and fixes are available now. Please review the knowledge base article for the associated solution for detailed information on how to remediate the weaknesses. Update October 1 : Ivanti has confirmed exploitation of...
PT-2024-4036 · Ivanti · Ivanti Neurons For Itsm
Name of the Vulnerable Software and Affected Versions: Ivanti Neurons for ITSM affected versions not specified Description: The issue is related to an unrestricted file upload vulnerability in the web component of Ivanti Neurons for ITSM. This vulnerability allows a remote, authenticated,...
PT-2024-4021 · Ivanti · Ivanti Neurons For Itsm
Name of the Vulnerable Software and Affected Versions: Ivanti Neurons for ITSM affected versions not specified Description: The issue is related to a SQL injection vulnerability in the web component of Ivanti Neurons for ITSM, due to inadequate protection of the SQL query structure. This...
Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability
Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. "An unauthenticated threa...