Unsafe ITSM Data Disclosure through Debug Information
CVE-2024-7569
9.8CRITICAL
What is CVE-2024-7569?
An information disclosure vulnerability exists in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier. This vulnerability allows unauthenticated attackers to access sensitive OIDC client secret information through debug outputs, potentially compromising secure applications that rely on such credentials. Organizations using affected versions are urged to review their configurations and apply relevant security patches to mitigate this risk.
Affected Version(s)
ITSM 2023.4
ITSM 2023.4
ITSM 2023.4.0