CVE-2024-7569

EPSS 4.39%
Published 13.08.2024 19:15:16
Last modified 06.09.2024 21:57:23
Source 3c1d8aa1-5a33-4ea4-8992-aadd64
Teams watchlist Login
Open Login

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Ivanti ≫ Neurons For Itsm Version2023.2

Ivanti ≫ Neurons For Itsm Version2023.3

Ivanti ≫ Neurons For Itsm Version2023.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.39%	0.885

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3c1d8aa1-5a33-4ea4-8992-aadd6440af75	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-215 Insertion of Sensitive Information Into Debugging Code

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7569

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7569

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7569

EUVD