CVE-2024-22059
published 2024-05-31CVE-2024-22059: A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the…
PriorityP352high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
1.07%
60.6th percentile
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | itsm | 2023.3 – 2023.3 | — |
| ivanti | neurons_for_itsm | < 2023.3 | 2023.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2024-22059
vendor_ivanti·2024-05-31·CVSS 8.8
CVE-2024-22059 [HIGH] CWE-89 Ivanti Security Advisory: CVE-2024-22059
Ivanti Security Advisory: CVE-2024-22059
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
CVE IDs: CVE-2024-22059
CVSS Base Score: 8.8
Severity: HIGH
CWEs: CWE-89
GHSA
GHSA-jwg9-47h4-mj73: A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the
ghsa_unreviewed·2024-05-31
CVE-2024-22059 [HIGH] CWE-89 GHSA-jwg9-47h4-mj73: A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-05-31
Published