Neurons for ITSM
by Ivanti
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22462 | 0.01 | — | 0.07 | May 13, 2025 | An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system. | |||
| CVE-2024-7569 | 0.01 | — | 0.07 | Aug 13, 2024 | An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. | |||
| CVE-2024-7570 | 0.00 | — | 0.02 | Aug 13, 2024 | Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. | |||
| CVE-2024-22059 | 0.00 | — | 0.04 | May 31, 2024 | A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. | |||
| CVE-2024-22060 | 0.00 | — | 0.05 | May 31, 2024 | An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. |
- CVE-2025-22462May 13, 2025risk 0.01cvss —epss 0.07
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
- CVE-2024-7569Aug 13, 2024risk 0.01cvss —epss 0.07
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
- CVE-2024-7570Aug 13, 2024risk 0.00cvss —epss 0.02
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
- CVE-2024-22059May 31, 2024risk 0.00cvss —epss 0.04
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
- CVE-2024-22060May 31, 2024risk 0.00cvss —epss 0.05
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.