Ivanti: >> Neurons For Itsm >> 2023.4 Security Vulnerabilities
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
CVSS Score
9.8
EPSS Score
0.026
Published
2025-05-13
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
CVSS Score
9.6
EPSS Score
0.056
Published
2024-08-13
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
CVSS Score
8.3
EPSS Score
0.014
Published
2024-08-13