Lucene search

K
IvantiNeurons For Itsm

6 matches found

CVE
CVE
added 2025/05/13 4:15 p.m.86 views

CVE-2025-22462

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.

9.8CVSS9.9AI score0.01695EPSS
CVE
CVE
added 2024/03/31 2:15 a.m.55 views

CVE-2023-46808

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.

9.9CVSS9.5AI score0.06037EPSS
CVE
CVE
added 2024/08/13 7:15 p.m.37 views

CVE-2024-7569

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

9.8CVSS6.6AI score0.0613EPSS
CVE
CVE
added 2024/08/13 7:15 p.m.37 views

CVE-2024-7570

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.

8.3CVSS7.1AI score0.00291EPSS
CVE
CVE
added 2024/05/31 6:15 p.m.28 views

CVE-2024-22060

An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.

8.7CVSS7AI score0.04748EPSS
CVE
CVE
added 2024/05/31 6:15 p.m.18 views

CVE-2024-22059

A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.

8.8CVSS7.6AI score0.04217EPSS