QID 379527

Date Published: 2024-03-28

QID 379527: Ivanti Neurons for IT Service Management (ITSM) Authenticated Remote File Write Vulnerability

Ivanti Neurons for ITSM provides enterprise-capable end-to-end service management capabilities throughout the service delivery lifecycle, from request capture to remediation. Built on industry standards with 11 ITIL 4 certified practices, Ivanti Neurons for ITSM is designed to expand as your needs increase.

A vulnerability has been discovered that impacts all supported versions of Ivanti Neurons for ITSM (2023.3, 2023.2 and 2023.1). Unsupported versions are also at risk; customers should upgrade to a supported version before applying the patch (hotfix).

Affected Versions:
Ivanti Neurons for ITSM 2023.3
Ivanti Neurons for ITSM 2023.2
Ivanti Neurons for ITSM 2023.1

QID Detection Logic (Authenticated):
This detection checks the file modified date of the "SaaS.WebUI.dll" file.

Successful exploitation can be used to write files to sensitive directories, which may allow attackers to execute commands in the context of the web application's user.

  • CVSS V3 rated as Critical - 9.9 severity.
  • CVSS V2 rated as High - 7.2 severity.

Solution:
Customers are advised to upgrade their Ivanti Connect Secure instances to the latest version. For more information, please refer to the Ivanti Security Advisory.

CVEs related to QID 379527

Software Advisories
Advisory ID Software Component Link
Ivanti Neurons for ITSM forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM?language=en_US