GCVE - cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Neurons For Itsm (`c998bf27-04a1-55e6-8e76-51cf068ba1ac`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-22462`	vulnerable	2026-06-03 14:59:40.022619	Details available CRITICAL (9.8) An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system. Published: 2025-05-13T15:10:17.923Z Updated: 2025-05-13T19:39:47.647Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-7570`	vulnerable	2026-06-03 14:58:06.392155	Details available HIGH (8.3) Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. Published: 2024-08-13T18:12:45.157Z Updated: 2024-08-16T04:02:05.349Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-22060`	vulnerable	2026-06-03 14:54:59.566289	Details available HIGH (8.7) An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. Published: 2024-05-31T17:38:31.402Z Updated: 2024-08-25T14:58:44.653Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-May-2024	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-22059`	vulnerable	2026-06-03 14:54:59.565802	Details available HIGH (8.8) A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. Published: 2024-05-31T17:38:31.425Z Updated: 2024-08-01T22:35:34.845Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-May-2024	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-46808`	vulnerable	2026-06-03 14:53:16.550399	Details available CRITICAL (9.9) An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. Published: 2024-03-31T01:45:43.264Z Updated: 2024-08-02T20:53:21.657Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.