9.8

CVE-2024-7569

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

Data provided by the National Vulnerability Database (NVD)
Ivanti Neurons For Itsm Version 2023.2
Ivanti Neurons For Itsm Version 2023.3
Ivanti Neurons For Itsm Version 2023.4
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 4.39% | 0.885 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 9.6 | 2.8 | 6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |

CWE-215 Insertion of Sensitive Information Into Debugging Code

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.