Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN293
_____________________________________________________________________

DATE                : 12/03/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Ivanti Desktop and Server
                     Management (DSM) versions prior to 2026.1.1.

=====================================================================
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-DSM-CVE-2026-3483?language=en_US
_____________________________________________________________________

Security Advisory Ivanti DSM (CVE-2026-3483)

Primary Product
DSM

Created Date
10 Mar 2026 09:26:42

Last Modified Date
10 Mar 2026 14:12:02


Security Advisory Ivanti DSM (CVE-2026-3483)

Summary

Ivanti has released an update for Ivanti Desktop and Server Management
(DSM) which addresses one high severity vulnerability. Successful
exploitation could allow an attacker to elevate their local
privileges.

We are not aware of any customers being exploited by these
vulnerabilities at the time of disclosure.

 

Vulnerability Details:

CVE Number     Description    CVSS Score (Severity)   CVSS Vector
CWE

CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1
allows a local authenticated attacker to escalate their privileges.
7.8 (High)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-749

 
Affected Versions

Product Name      Affected Version(s)    Resolved Version(s)
Patch Availability

Ivanti Desktop and Server Management (DSM)  DSM 2026.1 and prior
DSM 2026.1.1         Download Available in ILS

 
Solution

Customers can resolve this vulnerability by updating to Ivanti
DSM 2026.1.1, available in ILS.


Upgrading to Ivanti Desktop & Server Management (DSM) 2026.1.1

Please reference the following documentation for assistance in
updating to the latest version: 

Help Documentation: Updating the Environment, How to include a
Service Update during a DSM Installation / Update?

Download: Ivanti DSM Download Center

Release Notes: Release Notes for DSM 2026.1.1


FAQ

    Are you aware of any active exploitation of this
vulnerability? 

We are not aware of any customers being exploited by this
vulnerability prior to public disclosure. This vulnerability
was disclosed through our responsible disclosure program. 

    How can I tell if I have been compromised? 

Currently, there is no known public exploitation of this
vulnerability that could be used to provide a list of
indicators of compromise.

    What should I do if I need help? 

If you have questions after reviewing this information, you
can log a case and/or request a call via the Ivanti
Innovators Hub

 
Article Number :
000105406
Article Promotion Level
Normal

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================