Advisory

Ivanti patches critical flaws in Neurons for IT Service Management

Take action: If you are running on-premises Neurons for IT Service Management, patch now. Isolating the server in a trusted network segment is at best a partial mitigation: an ITSM system is integrated with much of the estate by design, so anything compromised elsewhere on the network will most likely be able to reach and attack the Neurons instance.


Learn More

Ivanti has released patches for critical and high-severity vulnerabilities affecting the on-premises edition of its Neurons for IT Service Management (ITSM) software. Ivanti Neurons for ITSM is a platform for managing and optimizing IT services across an organization.

The vulnerabilities affect customers using Ivanti Neurons for ITSM with OpenID Connect (OIDC) authentication.

Details of the Vulnerabilities:

  1. CVE-2024-7569 (CVSS Score 9.6) - Information Disclosure Vulnerability. This flaw allows an unauthenticated attacker to obtain the OIDC client secret through debug information, potentially leading to unauthorized access to sensitive data within the ITSM system. Because the secret may already have been harvested before the patch was applied, rotating the OIDC client secret at the identity provider after updating is a sensible general precaution (practitioner advice, not specific guidance from the advisory).

    • Affected Versions: Ivanti Neurons for ITSM on-prem, versions 2023.4 and earlier.

  2. CVE-2024-7570 (CVSS Score 8.3) - Improper Certificate Validation Vulnerability. A remote attacker in a Man-in-the-Middle (MITM) position (in practice, one able to intercept traffic between the Neurons server and its OIDC identity provider) can exploit this flaw to craft a token and gain access to the ITSM system as any user.

    • Affected Versions: Ivanti Neurons for ITSM on-prem, versions 2023.4 and earlier.
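
As an added illustration of the bug class behind CVE-2024-7570 (this is not Ivanti's code and makes no claim about where the flaw sits in Neurons), the following Python models an OIDC relying party that fetches its identity provider's signing key and then verifies ID tokens against it. Real TLS is replaced by a pluggable transport and RS256 by textbook RSA with a tiny modulus so that it runs offline; the host name idp.example.internal, the key pairs and the validate_certificate flag are all constructed for the example.

```python
"""Toy OIDC relying party: fetch the issuer's signing key, verify an ID token.

Constructed example, not Ivanti code. Real TLS is replaced by a pluggable
transport and RS256 by textbook RSA with a tiny modulus so it runs offline.
The point: if the RP does not validate the issuer's certificate, an on-path
attacker can substitute their own key and forge a token for any user."""

import base64
import hashlib
import json
from dataclasses import dataclass
from typing import Optional


# --- toy RSA (tiny modulus, no padding; never use for real signing) --------
def make_keypair(p: int, q: int, e: int = 65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}

def _digest_int(data: bytes, n: int) -> int:
    # SHA-256 of the signing input, reduced into the (toy) modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def rsa_sign(priv: dict, data: bytes) -> int:
    return pow(_digest_int(data, priv["n"]), priv["d"], priv["n"])

def rsa_verify(pub: dict, data: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == _digest_int(data, pub["n"])


# --- minimal JWT-shaped token ---------------------------------------------
def _b64url(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(priv: dict, claims: dict) -> str:
    header = _b64url(json.dumps({"alg": "RS256-toy", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = rsa_sign(priv, f"{header}.{payload}".encode())
    return f"{header}.{payload}.{_b64url(sig.to_bytes(16, 'big'))}"

def verify_token(pub: dict, token: str) -> dict:
    header, payload, sig_b64 = token.split(".")
    sig = int.from_bytes(_b64url_decode(sig_b64), "big")
    if not rsa_verify(pub, f"{header}.{payload}".encode(), sig):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload))


# --- stand-in for the RP's HTTPS client -----------------------------------
@dataclass
class Response:
    cert_subject: str   # name in the certificate the peer presented
    cert_trusted: bool  # whether it chains to a CA the RP trusts
    body: bytes

class Network:
    """If `mitm_pub` is set, an on-path attacker answers the key request with
    their own key behind a certificate that names the issuer but does not
    chain to a trusted CA (e.g. self-signed)."""

    def __init__(self, issuer_pub: dict, mitm_pub: Optional[dict] = None):
        self.issuer_pub, self.mitm_pub = issuer_pub, mitm_pub

    def get_jwks(self, issuer_host: str) -> Response:
        if self.mitm_pub is not None:
            return Response(issuer_host, False, json.dumps(self.mitm_pub).encode())
        return Response(issuer_host, True, json.dumps(self.issuer_pub).encode())


# --- the relying party ----------------------------------------------------
ISSUER_HOST = "idp.example.internal"   # hypothetical identity provider

def fetch_issuer_key(net: Network, validate_certificate: bool = True) -> dict:
    resp = net.get_jwks(ISSUER_HOST)
    # The check a correct RP performs: trusted chain AND matching host name.
    if validate_certificate and not (resp.cert_trusted and resp.cert_subject == ISSUER_HOST):
        raise ConnectionError(f"certificate validation failed for {ISSUER_HOST}")
    return json.loads(resp.body)

def login(net: Network, token: str, validate_certificate: bool = True) -> str:
    """Return the user the RP would log in, or raise."""
    return verify_token(fetch_issuer_key(net, validate_certificate), token)["sub"]


# Constructed keys: a genuine issuer and an attacker with their own pair.
ISSUER_PUB, ISSUER_PRIV = make_keypair(1000000007, 998244353)
ATTACKER_PUB, ATTACKER_PRIV = make_keypair(2147483647, 1000000009)

def mitm_forgery(validate_certificate: bool) -> str:
    """Attacker on path serves their key and presents a token they signed."""
    forged = issue_token(ATTACKER_PRIV, {"iss": ISSUER_HOST, "sub": "administrator"})
    try:
        return login(Network(ISSUER_PUB, mitm_pub=ATTACKER_PUB), forged, validate_certificate)
    except (ConnectionError, ValueError) as exc:
        return f"rejected ({exc})"

def genuine_login() -> str:
    token = issue_token(ISSUER_PRIV, {"iss": ISSUER_HOST, "sub": "alice"})
    return login(Network(ISSUER_PUB), token)

if __name__ == "__main__":
    print("genuine token, clean network :", genuine_login())
    print("forged token, validation on  :", mitm_forgery(True))
    print("forged token, validation off :", mitm_forgery(False))
```

With validation on, the forged token never gets as far as signature checking because the key fetch itself is refused; with validation off, the attacker's key is accepted as the issuer's and the forged "administrator" token verifies cleanly. In a real deployment the certificate check is the HTTPS client's default behaviour; the vulnerable pattern is disabling it (verify=False, CERT_NONE, a custom trust-all callback) or accepting a key document without confirming who served it.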

Patches have been released for versions 2023.4, 2023.3, and 2023.2. All cloud environments have been automatically patched as of August 4, 2024. On-premises customers are urged to apply the patch immediately.
