Ivanti Neurons for ITSM 2023.3

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*

part: a version: 2023.3 update: *

VendorIvanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129)
ProductNeurons For Itsm (c998bf27-04a1-55e6-8e76-51cf068ba1ac)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-7570 vulnerable 2026-06-03 14:58:06.392265 Details available
HIGH (8.3)
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
Published: 2024-08-13T18:12:45.157Z
Updated: 2024-08-16T04:02:05.349Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-7569 vulnerable 2026-06-03 14:58:06.390776 Details available
CRITICAL (9.6)
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
Published: 2024-08-13T18:10:55.710Z
Updated: 2024-08-16T04:02:04.140Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-22059 vulnerable 2026-06-03 14:54:59.564647 Details available
HIGH (8.8)
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
Published: 2024-05-31T17:38:31.425Z
Updated: 2024-08-01T22:35:34.845Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.