File Upload Remote Write in Ivanti ITSM (<2023.4)
CVE-2023-46808 Published on March 31, 2024
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2023-46808 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2023-46808
Want to know whenever a new CVE is published for Ivanti Neurons For Itsm? stack.watch will email you.
Affected Versions
Ivanti ITSM:- Version 2023.3, <= 2023.3 is affected.
- Before 2023.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.