Ivanti Neurons For Itsm
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ivanti Neurons For Itsm.
By the Year
In 2026 there have been 2 vulnerabilities in Ivanti Neurons For Itsm with an average score of 5.6 out of ten. Last year, in 2025 Neurons For Itsm had 1 security vulnerability published. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 5.55 |
| 2025 | 1 | 0.00 |
| 2024 | 5 | 8.18 |
It may take a day or so for new Neurons For Itsm vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ivanti Neurons For Itsm Security Vulnerabilities
Ivanti N-ITSM <2025.4: Stored XSS (limited info via auth)
CVE-2026-4914
5.4 - Medium
- April 14, 2026
Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required.
XSS
Ivanti N-ITSM Imp. PS of Alt Path before 2025.4: Auth Retains Access w/ Disabled Acc
CVE-2026-4913
5.7 - Medium
- April 14, 2026
Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.
Improper Protection of Alternate Path
Ivanti Neurons ITSM Auth Bypass pre 2023.4/2024.2/3 – Remote Admin Access
CVE-2025-22462
- May 13, 2025
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
Authentication Bypass Using an Alternate Path or Channel
Ivanti ITSM/Neurons 2023.4: Improper Cert Validation Enables MITM Token Abuse
CVE-2024-7570
8.1 - High
- August 13, 2024
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
Improper Certificate Validation
Info Disclosure: Ivanti ITSM/Neurons v<2023.4 OIDC Client Secret Leak
CVE-2024-7569
9.8 - Critical
- August 13, 2024
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
Ivanti Neurons for ITSM Unrestricted File Upload via Web Component
CVE-2024-22060
4.9 - Medium
- May 31, 2024
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
Ivanti Neurons for ITSM: Authenticated SQL Injection via Web Component
CVE-2024-22059
- May 31, 2024
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
File Upload Remote Write in Ivanti ITSM (<2023.4)
CVE-2023-46808
9.9 - Critical
- March 31, 2024
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
Unrestricted File Upload
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Ivanti Neurons For Itsm or by Ivanti? Click the Watch button to subscribe.
