Info Disclosure: Ivanti ITSM/Neurons v<2023.4 OIDC Client Secret Leak
CVE-2024-7569 Published on August 13, 2024

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

NVD

Vulnerability Analysis

CVE-2024-7569 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Types

Insecure Storage of Sensitive Information

The software stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.

Insertion of Sensitive Information Into Debugging Code

The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the application is operating in a production environment, then this sensitive information may be exposed to attackers.


Products Associated with CVE-2024-7569

Want to know whenever a new CVE is published for Ivanti Neurons For Itsm? stack.watch will email you.

Ivanti Neurons For Itsm
 

Affected Versions

Ivanti ITSM: ivanti neurons_for_itsm:

Exploit Probability

EPSS
7.47%
Percentile
91.69%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.