An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2024-03-31 02:15
Updated : 2024-04-01 15:31
NVD link : CVE-2023-46808
Mitre link : CVE-2023-46808
CVE.ORG link : CVE-2023-46808
JSON object : View
Products Affected
ivanti
- neurons_for_itsm
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type