8.3
CVE-2024-7570
- EPSS 1.35%
- Veröffentlicht 13.08.2024 19:15:16
- Zuletzt bearbeitet 06.09.2024 21:59:00
- Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
- CVE-Watchlists
- Unerledigt
LoginImproper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Neurons For Itsm Version2023.2
Ivanti ≫ Neurons For Itsm Version2023.3
Ivanti ≫ Neurons For Itsm Version2023.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.35% | 0.795 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 8.3 | 1.6 | 6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.