CVE-2024-7569

Name of the Vulnerable Software and Affected Versions Ivanti ITSM on-premise and Neurons for ITSM versions 2023.4 and earlier

Description An information disclosure issue allows an unauthenticated attacker to obtain the OIDC client secret via debug information. This is related to insufficient protection of service data in the implementation of the OpenID Connect (OIDC) protocol. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information.

Recommendations For Ivanti ITSM on-premise and Neurons for ITSM versions 2023.4 and earlier, consider disabling access to debug information as a temporary workaround until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.