Vulnerabilities

Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM

Ivanti has released patches for two critical-severity vulnerabilities leading to arbitrary command execution.

Published

Ivanti vulnerability

IT software company Ivanti on Wednesday announced patches for two critical-severity vulnerabilities in Standalone Sentry and Neurons for ITSM that could lead to command execution.

Tracked as CVE-2023-41724 (CVSS score of 9.6) and described as a remote code execution issue, the Standalone Sentry bug allows unauthenticated attackers to execute arbitrary commands.

“An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network,” Ivanti notes in its advisory.

The issue affects all supported iterations of Standalone Sentry (versions 9.17.0, 9.18.0, and 9.19.0). Older releases are also at risk and users should upgrade to a supported version, Ivanti says.

The Ivanti Neurons for ITSM vulnerability is tracked as CVE-2023-46808 (CVSS score of 9.9) and described as a file write issue that can be exploited remotely.

“An authenticated remote user can perform file writes to the ITSM server. Successful exploitation can be used to write files to sensitive directories which may allow attackers execution of commands in the context of a web application’s user,” Ivanti explains in its advisory.

Advertisement. Scroll to continue reading.

Affected supported versions of Ivanti Neurons for ITSM include 2023.3, 2023.2 and 2023.1. Users of unsupported iterations are advised to upgrade to a supported release. According to Ivanti, all Ivanti Neurons for ITSM cloud landscapes have been patched against the flaw.

Standalone Sentry and Ivanti Neurons for ITSM users can download the available patches via their respective download portals.

Both vulnerabilities were identified towards the end of 2023 but, because neither is actively exploited, Ivanti did not want to disclose them until a fix was available, “so that customers have the tools they need to protect their environment,” the company says.

Ivanti customers are encouraged to apply the available patches as soon as possible, as vulnerabilities in the company’s products are often targeted in attacks.

Related: Governments Urge Organizations to Hunt for Ivanti VPN Attacks

Related: Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor

Related: Exploitation of Another Ivanti VPN Vulnerability Observed

In this article:

Related Content

Ivanti vulnerability exploited

Vulnerabilities

Ivanti Sentry Exploitation Attempts Hitting Honeypots

The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges.

2 days ago

Vulnerabilities

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

4 days ago

Vulnerabilities

Fortinet, Ivanti Patch Critical Vulnerabilities

Successful exploitation of these flaws could lead to arbitrary code execution and information disclosure.

May 13, 2026

Vulnerabilities

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.

May 8, 2026

Vulnerabilities

Two Vulnerabilities Patched in Ivanti Neurons for ITSM 

The flaws could allow a remote attacker to maintain access after their account has been disabled and to access information from other user sessions.

April 15, 2026

Vulnerabilities

Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities

The bugs could lead to arbitrary code execution, privilege escalation, or authentication rate-limit bypass.

March 11, 2026

Malware & Threats

Ivanti Exploitation Surges as Zero-Day Attacks Traced Back to July 2025

Security researchers have seen the vulnerabilities being exploited to deliver shells, conduct reconnaissance, and download malware.

February 19, 2026

Vulnerabilities

Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025

It also fixed a high-severity authentication bypass that could be exploited remotely without authentication to obtain credentials.

February 11, 2026

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version