cvebase

Ivanti Neurons for ITSM vulnerabilities

6 known vulnerabilities affecting ivanti/neurons_for_itsm.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2023-46808 | P1 | CRITICAL | CVSS 9.9 | Exploited | fixed in 2023.4 | 2024-03-31
CWE-434: A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.
Source: NVD
CVE-2025-22462 | P2 | CRITICAL | CVSS 9.8 | fixed in 2023.4 | v2023.4, +2 more | 2025-05-13
CWE-288: An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
Source: NVD
CVE-2024-7569 | P3 | CRITICAL | CVSS 9.8 | v2023.2, v2023.3, +1 more | 2024-08-13
CWE-215: An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
Source: NVD
CVE-2024-22059 | P3 | HIGH | CVSS 8.8 | fixed in 2023.3 | 2024-05-31
CWE-89: A SQL injection vulnerability in the web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
Source: NVD
CVE-2024-7570 | P3 | HIGH | CVSS 8.1 | v2023.2, v2023.3, +1 more | 2024-08-13
CWE-295: Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
Source: NVD
CVE-2024-22060 | P4 | MEDIUM | CVSS 4.9 | fixed in 2023.3 | 2024-05-31
CWE-434: An unrestricted file upload vulnerability in the web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of the ITSM server.
Source: NVD