Ivanti Neurons For Itsm — known CVE vulnerabilities
Every CVE whose affected-product data names Ivanti Neurons For Itsm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-46808 — CVSS 9.9 (critical): An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server…
CVE-2025-22462 — CVSS 9.8 (critical): An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows…
CVE-2024-7569 — CVSS 9.6 (critical): An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated…
CVE-2024-22059 — CVSS 8.8 (high): A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete…
CVE-2024-7570 — CVSS 8.3 (high): Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM…
CVE-2024-22060 — CVSS 4.9 (medium): An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user…