
URL: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570?language=en_US
Submission: On August 16 via api from IN — Scanned from DE

Security Advisory: Ivanti Neurons for ITSM (CVE-2024-7569, CVE-2024-7570)

Primary Product: Ivanti Neurons for ITSM (Premise)
Created Date: Aug 13, 2024 2:00:18 PM
Last Modified Date: Aug 13, 2024 2:00:18 PM

Ivanti has released updates for Ivanti Neurons for ITSM which address a
critical severity vulnerability and a high severity vulnerability. Please note:
the patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes as of
August 4. No further action is needed for cloud customers. We strongly urge
on-prem customers to act immediately to ensure they are fully protected.

These issues only impact customers who utilize Ivanti Neurons for ITSM with OIDC
authentication.

We are not aware of any customers being exploited by these vulnerabilities at
the time of disclosure.

Vulnerability Details:

| CVE Number | Description | CVSS Score (Severity) | CVSS Vector | CWE |
| --- | --- | --- | --- | --- |
| CVE-2024-7569 | An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. | 9.6 (Critical) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | CWE-215 |
| CVE-2024-7570 | Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. | 8.3 (High) | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | CWE-295 |


Affected Versions

| Product Name | Affected Version(s) | Affected CPE(s) | Resolved Version(s) | Patch Availability |
| --- | --- | --- | --- | --- |
| Ivanti Neurons for ITSM | 2023.4 | cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:* | 2023.4 w/ patch | 2023.4 Patch mirrors: [USA/EU/ASIA] |
| Ivanti Neurons for ITSM | 2023.3 | N/A | 2023.3 w/ patch | 2023.3 Patch mirrors: [USA/EU/ASIA] |
| Ivanti Neurons for ITSM | 2023.2 | cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:* | 2023.2 w/ patch | 2023.2 Patch mirrors: [USA/EU/ASIA] |
 



Solution
Follow the instruction documents provided in the download files to apply the
patch.

FAQ
 1. Are you aware of any active exploitation of these vulnerabilities?
    We are not aware of any customers being exploited by these vulnerabilities
    prior to public disclosure. These vulnerabilities were disclosed through our
    responsible disclosure program.
 2. How can I tell if I have been compromised?
    Currently, there is no known exploitation of this vulnerability that could
    be used to provide a list of indicators of compromise.
 3. If I only have Ivanti Neurons for ITAM (without ITSM) does this apply to me?
    Yes, Ivanti Neurons for ITAM shares a platform with Ivanti Neurons for ITSM.
    Due to this, if a customer only has Ivanti Neurons for ITAM they should also
    apply the fix.
 4. What should I do if I need help?
    If you have questions after reviewing this information, you can log a case
    and/or request a call via the Success Portal.

Article Number: 000094071
Article Promotion Level: Normal
