Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46808

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.

Published

2024-03-31T02:15:08.757

Last Modified

2024-11-21T08:29:21.070

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.9 (CRITICAL)

Weaknesses

Type: Primary
CWE-434
Type: Secondary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	neurons_for_itsm	< 2023.4	Yes

References

https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM Vendor Advisory ([email protected])
https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)