Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 06 Sep 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*

Wed, 14 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti neurons For Itsm
CPEs cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti neurons For Itsm
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
Description Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2024-08-16T04:02:05.349Z

Reserved: 2024-08-06T19:17:59.460Z

Link: CVE-2024-7570

cve-icon Vulnrichment

Updated: 2024-08-14T14:06:25.780Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-13T19:15:16.703

Modified: 2024-09-06T21:59:00.830

Link: CVE-2024-7570

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.