CVE-2024-7570

CVSS V2 None CVSS V3 None

Description

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.

Overview

CVE ID
CVE-2024-7570

Assigner
ivanti

Vulnerability Status
PUBLISHED

Published Version
2024-08-13T18:12:45.157Z

Last Modified Date
2024-08-13T18:12:45.157Z

Weakness Enumerations

CWE	URL
CWE-295	http://cwe.mitre.org/data/definitions/295.html

References

Reference URL	Reference Tags
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-7570
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7570

History

Created	Old Value	New Value	Data Type	Notes
2024-08-14 13:08:43				Added to TrackCVE