At Ivanti, our top priority is upholding our commitment to deliver and maintain secure products for our customers. We continue to invest significant resources to ensure that all our solutions meet our own high standards and industry best practices. Our team rigorously assesses our products and collaborates with the broader security ecosystem to share intelligence, and we are committed to communicating findings openly with customers, consistent with our commitment to security and responsible disclosure.

As part of our review and testing of our code, the internal Ivanti team in partnership with third-party researchers identified a new vulnerability in Ivanti Neurons for ITSM. We are reporting it as CVE-2023-46808. A patch is now available for all supported versions of Ivanti Neurons for ITSM (2023.3, 2023.2 and 2023.1), and the patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes. Unsupported versions are also at risk, customers should upgrade to a supported version before applying the patch.

It is important for customers to know:

  • We have no evidence of this vulnerability being exploited in the wild.
  • This vulnerability does not impact any other Ivanti products or solutions.
  • Customers with an on-premises Ivanti Neurons for ITSM solution should apply the patch.
  • The patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes.

More information on this vulnerability and detailed instructions on patch availability and how to remediate the vulnerability can be found in this Security Advisory.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Success portal (login credentials required).

We would also like to thank Sebastian Puttkammer of SSC Prime Sec GmbH for their collaboration on this issue. 

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.