PT-2024-2363 · Ivanti · Ivanti Itsm

Published: 2024-03-20 · Updated: 2024-08-01 · CVE-2023-46808

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ivanti ITSM versions prior to 2023.4

Description

The issue is a file upload vulnerability that allows an authenticated remote user to write files to the server. This can lead to the execution of commands in the context of a non-root user. The vulnerability stems from the unrestricted upload of dangerous file types, which enables an attacker to execute arbitrary commands by injecting specially crafted files.

Recommendations

For versions prior to 2023.4, update to version 2023.4 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to minimize the risk of exploitation. Restrict access to sensitive areas of the server to prevent potential command execution.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2024-02314
CVE-2023-46808

Affected Products

Ivanti Itsm