Unrestricted File Upload Vulnerability in Ivanti Neurons for ITSM Allows Remote Attackers to Write Arbitrary Files
CVE-2024-22060

8.7HIGH

Key Information:

Vendor: Ivanti
Status: Itsm
Vendor: CVE Published:; 31 May 2024

Summary

An unrestricted file upload vulnerability exists within the web component of Ivanti Neurons for ITSM, enabling a remote, authenticated user with high privileges to upload arbitrary files. This vulnerability permits the writing of files into sensitive directories on the ITSM server, potentially leading to unauthorized access or manipulation of system files. Organizations using affected versions of Ivanti Neurons for ITSM should apply necessary patches and security measures to mitigate risks associated with this vulnerability. For detailed information and updates, refer to the security advisory.

Affected Version(s)

ITSM 2023.3

References

https://forums.ivanti.com/s/article/Security-Advisory-May...

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 31, 2024
Vulnerability Reserved
Jan 5, 2024

Collectors

NVD DatabaseMitre Database