Unrated severityNVD Advisory· Published Aug 13, 2024· Updated Aug 16, 2024

CVE-2024-7570

Description

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.

Affected products

Ivanti/ITSMllm-create2 versions
<=2023.4+ 1 more
- (no CPE)range: <=2023.4
- (no CPE)range: 2023.4
Ivanti/Neurons for ITSMllm-fuzzy
Range: <=2023.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000