Two Vulnerabilities Patched in Ivanti Neurons for ITSM
Summary
Ivanti has released patches for two vulnerabilities in its Neurons for ITSM product. These flaws could allow attackers to maintain access even after their accounts are disabled and to access sensitive information from other user sessions.
IFF Assessment
The identified vulnerabilities allow for persistent access and information disclosure, which directly aids attackers.
Severity
The vulnerabilities allow for post-authentication privilege escalation and information disclosure, with potential for remote exploitation, indicating a high severity.
Defender Context
Defenders need to prioritize patching Ivanti Neurons for ITSM instances to mitigate these risks. An attacker's ability to maintain access after account disablement is particularly concerning: on an unpatched instance, disabling an account cannot be assumed to end that account's access, so a thorough post-incident investigation is needed if exploitation is suspected.