Unsafe ITSM Data Disclosure through Debug Information
CVE-2024-7569

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Itsm
Vendor: CVE Published:; 13 August 2024

What is CVE-2024-7569?

An information disclosure vulnerability exists in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier. This vulnerability allows unauthenticated attackers to access sensitive OIDC client secret information through debug outputs, potentially compromising secure applications that rely on such credentials. Organizations using affected versions are urged to review their configurations and apply relevant security patches to mitigate this risk.

Affected Version(s)

ITSM 2023.4

ITSM 2023.4.0

References

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Aug 6, 2024

JSON