Vulnerabilites related to ivanti - neurons_for_itsm
CVE-2024-7569 (GCVE-0-2024-7569)
Vulnerability from cvelistv5
Published
2024-08-13 18:10
Modified
2024-08-16 04:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "neurons_for_itsm",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "2023.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T04:02:04.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ITSM",
"vendor": "Ivanti",
"versions": [
{
"status": "affected",
"version": "2023.4"
},
{
"status": "unaffected",
"version": "2023.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-215",
"description": "CWE-215: Insertion of Sensitive Information Into Debugging Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:10:55.710Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-7569",
"datePublished": "2024-08-13T18:10:55.710Z",
"dateReserved": "2024-08-06T19:15:59.879Z",
"dateUpdated": "2024-08-16T04:02:04.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22060 (GCVE-0-2024-22060)
Vulnerability from cvelistv5
Published
2024-05-31 17:38
Modified
2024-08-25 14:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "neurons_for_itsm",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "2023.4"
},
{
"status": "affected",
"version": "2023.3"
},
{
"status": "affected",
"version": "2023.2"
},
{
"status": "affected",
"version": "2023.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T17:53:19.852897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-25T14:58:44.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ITSM",
"vendor": "Ivanti ",
"versions": [
{
"lessThanOrEqual": "2023.3",
"status": "affected",
"version": "2023.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T17:38:31.402Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-22060",
"datePublished": "2024-05-31T17:38:31.402Z",
"dateReserved": "2024-01-05T01:04:06.643Z",
"dateUpdated": "2024-08-25T14:58:44.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22059 (GCVE-0-2024-22059)
Vulnerability from cvelistv5
Published
2024-05-31 17:38
Modified
2024-08-01 22:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "neurons_for_itsm",
"vendor": "ivanti",
"versions": [
{
"status": "affected",
"version": "2023.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-01T13:20:02.664497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:57.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ITSM",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "2023.3",
"status": "affected",
"version": "2023.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T17:38:31.425Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-22059",
"datePublished": "2024-05-31T17:38:31.425Z",
"dateReserved": "2024-01-05T01:04:06.642Z",
"dateUpdated": "2024-08-01T22:35:34.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46808 (GCVE-0-2023-46808)
Vulnerability from cvelistv5
Published
2024-03-31 01:45
Modified
2024-08-02 20:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "neurons_for_itsm",
"vendor": "ivanti",
"versions": [
{
"lessThan": "2023.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T18:57:25.499080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:01:07.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ITSM",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "2023.3",
"status": "affected",
"version": "2023.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. "
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-03-31T01:45:43.264Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-46808",
"datePublished": "2024-03-31T01:45:43.264Z",
"dateReserved": "2023-10-27T01:00:13.400Z",
"dateUpdated": "2024-08-02T20:53:21.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7570 (GCVE-0-2024-7570)
Vulnerability from cvelistv5
Published
2024-08-13 18:12
Modified
2024-08-16 04:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "neurons_for_itsm",
"vendor": "ivanti",
"versions": [
{
"lessThanOrEqual": "2023.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T04:02:05.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ITSM",
"vendor": "Ivanti",
"versions": [
{
"status": "affected",
"version": "2023.4"
},
{
"status": "unaffected",
"version": "2023.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:12:45.157Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-7570",
"datePublished": "2024-08-13T18:12:45.157Z",
"dateReserved": "2024-08-06T19:17:59.460Z",
"dateUpdated": "2024-08-16T04:02:05.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22462 (GCVE-0-2025-22462)
Vulnerability from cvelistv5
Published
2025-05-13 15:10
Modified
2025-05-13 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ivanti | Neurons for ITSM (on-prem) |
Patch: 2023.4 w/ May 2025 Security Patch Patch: 2024.2 w/ May 2025 Security Patch Patch: 2024.3 w/ May 2025 Security Patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:39:34.075517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:39:47.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Neurons for ITSM (on-prem)",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "2023.4 w/ May 2025 Security Patch",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2024.2 w/ May 2025 Security Patch",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2024.3 w/ May 2025 Security Patch",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:10:17.923Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2025-22462",
"datePublished": "2025-05-13T15:10:17.923Z",
"dateReserved": "2025-01-07T02:19:22.797Z",
"dateUpdated": "2025-05-13T19:39:47.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-03-31 02:15
Modified
2024-11-21 08:29
Severity ?
Summary
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | neurons_for_itsm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75BA7A8E-E2F2-41B3-9BD1-56CFC430887E",
"versionEndExcluding": "2023.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. "
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos en Ivanti ITSM anterior a 2023.4 permite a un usuario remoto autenticado realizar escrituras de archivos en el servidor. La explotaci\u00f3n exitosa puede conducir a la ejecuci\u00f3n de comandos en el contexto de un usuario no root."
}
],
"id": "CVE-2023-46808",
"lastModified": "2024-11-21T08:29:21.070",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "support@hackerone.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-31T02:15:08.757",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 19:15
Modified
2024-09-06 21:57
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | neurons_for_itsm | 2023.2 | |
| ivanti | neurons_for_itsm | 2023.3 | |
| ivanti | neurons_for_itsm | 2023.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F39EF220-4A92-42D0-88DD-172D077D3735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB23010B-58A3-4D77-A73B-98FA987D37AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*",
"matchCriteriaId": "61711984-5033-4DB6-9EE9-E4694E877698",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Ivanti ITSM on-premise y Neurons for ITSM versiones 2023.4 y anteriores permite a un atacante no autenticado obtener el secreto del cliente OIDC a trav\u00e9s de informaci\u00f3n de depuraci\u00f3n."
}
],
"id": "CVE-2024-7569",
"lastModified": "2024-09-06T21:57:23.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-13T19:15:16.443",
"references": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570"
}
],
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-215"
},
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 19:15
Modified
2024-09-06 21:59
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | neurons_for_itsm | 2023.2 | |
| ivanti | neurons_for_itsm | 2023.3 | |
| ivanti | neurons_for_itsm | 2023.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2023.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F39EF220-4A92-42D0-88DD-172D077D3735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2023.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB23010B-58A3-4D77-A73B-98FA987D37AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:*:*:*:*:*:*:*",
"matchCriteriaId": "61711984-5033-4DB6-9EE9-E4694E877698",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user."
},
{
"lang": "es",
"value": "La validaci\u00f3n de certificados incorrecta en Ivanti ITSM on-premise y Neurons for ITSM Versiones 2023.4 y anteriores permite a un atacante remoto en una posici\u00f3n MITM crear un token que permitir\u00eda el acceso a ITSM como cualquier usuario."
}
],
"id": "CVE-2024-7570",
"lastModified": "2024-09-06T21:59:00.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-13T19:15:16.703",
"references": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2024-7569-CVE-2024-7570"
}
],
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-13 16:15
Modified
2025-07-16 18:32
Severity ?
Summary
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | neurons_for_itsm | * | |
| ivanti | neurons_for_itsm | 2023.4 | |
| ivanti | neurons_for_itsm | 2024.2 | |
| ivanti | neurons_for_itsm | 2024.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75BA7A8E-E2F2-41B3-9BD1-56CFC430887E",
"versionEndExcluding": "2023.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2023.4:-:*:*:*:*:*:*",
"matchCriteriaId": "6DFAC472-854D-4740-913E-A3DC5A48CD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2024.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F20362DA-5407-4FEC-B463-061B1F8DA506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:2024.3:-:*:*:*:*:*:*",
"matchCriteriaId": "5D009CE5-D185-4841-99BA-C8EB086C5F01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system."
},
{
"lang": "es",
"value": "Una omisi\u00f3n de autenticaci\u00f3n en Ivanti Neurons para ITSM (solo local) anterior a 2023.4, 2024.2 y 2024.3 con el parche de seguridad de mayo de 2025 permite que un atacante remoto no autenticado obtenga acceso administrativo al sistema."
}
],
"id": "CVE-2025-22462",
"lastModified": "2025-07-16T18:32:09.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary"
}
]
},
"published": "2025-05-13T16:15:28.530",
"references": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-on-premises-only-CVE-2025-22462"
}
],
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-31 18:15
Modified
2025-06-30 18:33
Severity ?
Summary
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | neurons_for_itsm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9EDA427-1086-4F4B-ADDC-DB67810758A3",
"versionEndExcluding": "2023.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el componente web de Ivanti Neurons para ITSM permite a un usuario autenticado remoto leer/modificar/eliminar informaci\u00f3n en la base de datos subyacente. Esto tambi\u00e9n puede provocar DoS."
}
],
"id": "CVE-2024-22059",
"lastModified": "2025-06-30T18:33:46.630",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "support@hackerone.com",
"type": "Secondary"
}
]
},
"published": "2024-05-31T18:15:10.493",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-31 18:15
Modified
2025-06-30 18:28
Severity ?
Summary
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ivanti | neurons_for_itsm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9EDA427-1086-4F4B-ADDC-DB67810758A3",
"versionEndExcluding": "2023.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos sin restricciones en el componente web de Ivanti Neurons para ITSM permite a un usuario remoto, autenticado y con altos privilegios escribir archivos arbitrarios en directorios confidenciales del servidor ITSM."
}
],
"id": "CVE-2024-22060",
"lastModified": "2025-06-30T18:28:16.107",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "support@hackerone.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-31T18:15:10.660",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}