Products
Ivanti ITSM on-prem
- 2023.4 and earlier
Neurons for ITSM
- 2023.4 and earlier
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Tags
CVE-2024-7569 details
Published : Aug. 13, 2024, 7:15 p.m.
Last Modified : Aug. 13, 2024, 7:15 p.m.
Last Modified : Aug. 13, 2024, 7:15 p.m.
Description
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.6 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-215 | Insertion of Sensitive Information Into Debugging Code | The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.6
Exploitability Score
2.8
Impact Score
6.0
Base Severity
CRITICAL
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
This website uses the NVD API, but is not approved or certified by it.