Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti has patched two vulnerabilities in Neurons for ITSM that could allow remote attackers to bypass security controls. The first flaw enables attackers to maintain persistence even after their account has been disabled, effectively circumventing the organization's ability to revoke access. The second vulnerability permits unauthorized access to information from other user sessions, potentially exposing sensitive data across multiple accounts. These authentication and session management weaknesses pose significant risk to organizations using the affected product. Users are advised to apply patches immediately to prevent account takeover and data exposure. No specific threat actors or malware have been attributed to these vulnerabilities at this time.

The flaws could allow a remote attacker to maintain access after their account has been disabled and to access information from other user sessions. The post Two Vulnerabilities Patched in Ivanti Neurons for ITSM appeared first on SecurityWeek .

Ivanti has patched two vulnerabilities in Neurons for ITSM that could allow remote attackers to bypass security controls. The first flaw enables attackers to maintain persistence even after their account has been disabled, effectively circumventing the organization's ability to revoke access. The second vulnerability permits unauthorized access to information from other user sessions, potentially exposing sensitive data across multiple accounts. These authentication and session management weaknesses pose significant risk to organizations using the affected product. Users are advised to apply patches immediately to prevent account takeover and data exposure. No specific threat actors or malware have been attributed to these vulnerabilities at this time. The flaws could allow a remote attacker to maintain access after their account has been disabled and to access information from other user sessions. The post Two Vulnerabilities Patched in Ivanti Neurons for ITSM appeared first on SecurityWeek . The flaws could allow a remote attacker to maintain access after their account has been disabled and to access information from other user sessions. The post Two Vulnerabilities Patched in Ivanti Neurons for ITSM appeared first on SecurityWeek .