CVE-2024-7569

Published: Aug 13, 2024Modified: Sep 6, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

Affected (3)

Products: Ivanti: Neurons For Itsm

Ivanti

1 product

Neurons For Itsm

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ivanti Neurons For Itsm	Version 2023.2
Ivanti Neurons For Itsm	Version 2023.3
Ivanti Neurons For Itsm	Version 2023.4

Related CWEs

CWE-215

Insertion of Sensitive Information Into Debugging Code

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

CWE-922

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (1)

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

PatchVendor Advisory

Timeline

No history available yet.