Unrestricted File Upload Vulnerability in Ivanti Neurons for ITSM Allows Remote Attackers to Write Arbitrary Files
CVE-2024-22060

4.9MEDIUM

Key Information:

Vendor: Ivanti
Status: Itsm
Vendor: CVE Published:; 31 May 2024

What is CVE-2024-22060?

An unrestricted file upload vulnerability exists within the web component of Ivanti Neurons for ITSM, enabling a remote, authenticated user with high privileges to upload arbitrary files. This vulnerability permits the writing of files into sensitive directories on the ITSM server, potentially leading to unauthorized access or manipulation of system files. Organizations using affected versions of Ivanti Neurons for ITSM should apply necessary patches and security measures to mitigate risks associated with this vulnerability. For detailed information and updates, refer to the security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ITSM 2023.3

References

https://forums.ivanti.com/s/article/Security-Advisory-May...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 31, 2024
Vulnerability Reserved
Jan 5, 2024

JSON

Ivanti

What is CVE-2024-22060?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.