Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Sep 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:* cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:* |
Wed, 14 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ivanti
Ivanti neurons For Itsm |
|
CPEs | cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ivanti
Ivanti neurons For Itsm |
|
Metrics |
ssvc
|
Tue, 13 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. | |
Weaknesses | CWE-295 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ivanti
Published: 2024-08-13T18:12:45.157Z
Updated: 2024-08-16T04:02:05.349Z
Reserved: 2024-08-06T19:17:59.460Z
Link: CVE-2024-7570
Vulnrichment
Updated: 2024-08-14T14:06:25.780Z
NVD
Status : Analyzed
Published: 2024-08-13T19:15:16.703
Modified: 2024-09-06T21:59:00.830
Link: CVE-2024-7570
Redhat
No data.