Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
2024-08-13T19:15:16.703
2024-09-06T21:59:00.830
Analyzed
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CVSSv3.1: 8.3 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ivanti | neurons_for_itsm | 2023.2 | Yes |
| Application | ivanti | neurons_for_itsm | 2023.3 | Yes |
| Application | ivanti | neurons_for_itsm | 2023.4 | Yes |