Ivanti: >> Neurons For Itsm >> 2023.3 Security Vulnerabilities
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
CVSS Score
9.8
EPSS Score
0.026
Published
2025-05-13
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
CVSS Score
9.6
EPSS Score
0.056
Published
2024-08-13
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
CVSS Score
8.3
EPSS Score
0.014
Published
2024-08-13
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
CVSS Score
9.9
EPSS Score
0.063
Published
2024-03-31