cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7570,https://securityvulnerability.io/vulnerability/CVE-2024-7570,Attackers Can Impersonate Any User in Ivanti ITSM Due to Certificate Validation Flaw,"The vulnerability allows improper certificate validation in Ivanti ITSM and Neurons for ITSM, enabling remote attackers positioned in a Man-in-the-Middle (MITM) scenario to forge tokens. This exploit could permit unauthorized access to the ITSM system as any user. Affected versions include Ivanti ITSM and Neurons for ITSM up to and including 2023.4, making it crucial for organizations utilizing these products to evaluate their security configurations and apply necessary patches to mitigate exposure to this vulnerability.",Ivanti,Itsm,8.1,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-08-13T18:12:45.157Z,0
CVE-2024-7569,https://securityvulnerability.io/vulnerability/CVE-2024-7569,Unsafe ITSM Data Disclosure through Debug Information,"An information disclosure vulnerability exists in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier. This vulnerability allows unauthenticated attackers to access sensitive OIDC client secret information through debug outputs, potentially compromising secure applications that rely on such credentials. Organizations using affected versions are urged to review their configurations and apply relevant security patches to mitigate this risk.",Ivanti,Itsm,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-08-13T18:10:55.710Z,0
CVE-2024-22059,https://securityvulnerability.io/vulnerability/CVE-2024-22059,SQL Injection Vulnerability in Ivanti Neurons for ITSM Could Lead to Data Theft and Downtime,"A vulnerability exists in the web component of Ivanti Neurons for ITSM that allows remote authenticated users to exploit SQL injection. This vulnerability enables attackers to manipulate the underlying database by reading, modifying, or deleting sensitive information. Additionally, there is a potential for a Denial of Service (DoS) attack, which can compromise the availability and integrity of the system's data management processes.",Ivanti,Itsm,8.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-31T17:38:31.425Z,0
CVE-2024-22060,https://securityvulnerability.io/vulnerability/CVE-2024-22060,Unrestricted File Upload Vulnerability in Ivanti Neurons for ITSM Allows Remote Attackers to Write Arbitrary Files,"An unrestricted file upload vulnerability exists within the web component of Ivanti Neurons for ITSM, enabling a remote, authenticated user with high privileges to upload arbitrary files. This vulnerability permits the writing of files into sensitive directories on the ITSM server, potentially leading to unauthorized access or manipulation of system files. Organizations using affected versions of Ivanti Neurons for ITSM should apply necessary patches and security measures to mitigate risks associated with this vulnerability. For detailed information and updates, refer to the [security advisory](https://forums.ivanti.com/s/article/Security-Advisory-May-2024).",Ivanti,Itsm,8.7,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-31T17:38:31.402Z,0
CVE-2023-46808,https://securityvulnerability.io/vulnerability/CVE-2023-46808,File Upload Vulnerability in Ivanti ITSM Before 2023.4 Allows Remote File Writes and Command Execution,"An authenticated remote file upload vulnerability in Ivanti ITSM versions before 2023.4 permits an authenticated user to write arbitrary files to the server. Exploitation of this vulnerability may enable an attacker to execute commands within the context of a non-root user, potentially compromising the security of sensitive data and the overall system integrity. Organizations using affected versions are advised to apply necessary updates and assess their security measures.",Ivanti,Itsm,9.9,CRITICAL,0.0005000000237487257,false,true,false,false,,false,false,2024-03-31T01:45:43.264Z,0