CVE-2024-7569

CRITICAL

Ivanti Neurons for ITSM 2023.4 and earlier - Unauthenticated Information Disclosure via Debug OIDC Client Secret

Title source: llm

Description

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570

Scores

CVSS v3 9.6

EPSS 0.0164

EPSS Percentile 73.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-922 CWE-215

Status published

Products (3)

ivanti/neurons_for_itsm 2023.2

ivanti/neurons_for_itsm 2023.3

ivanti/neurons_for_itsm 2023.4

Published Aug 13, 2024

Tracked Since Feb 18, 2026