
=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN578
_____________________________________________________________________

DATE                : 03/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Ivanti Neurons for ITSM versions
                     prior to 2026.1 patch 9, 2026.2 patch 1,
                     Ivanti Neurons for ITSM (On-Premises) versions
                     prior to 2025.4 Patch 1, 2025.3 Patch 1,
                     2025.2 Patch 1.

=====================================================================
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-9614?language=en_US
_____________________________________________________________________

Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)

Primary Product
Ivanti Neurons for ITSM (Premise)

Created Date
Jun 1, 2026 1:56:08 PM

Last Modified Date
Jun 1, 2026 1:56:30 PM

Ivanti has released updates for Ivanti Neurons for ITSM which address
one high severity vulnerability.

Successful exploitation could lead to authenticated privilege
escalation to an administrator.

We are not aware of any customers being exploited by this vulnerability
at the time of disclosure.

Vulnerability Details

CVE Number            : CVE-2026-9614
Description           : An Improper Access Control vulnerability in
                        Ivanti Neurons for ITSM (cloud and on-premises)
                        allows a remote authenticated attacker to gain
                        administrative access.
CVSS Score (Severity) : 8.8 (High)
CVSS Vector           : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE                   : CWE-284

Affected Versions

Product Name        : Ivanti Neurons for ITSM (On-Premises)
Affected Version(s) : 2025.4 and prior
Resolved Version(s) : 2025.4 Patch 1
                      2025.3 Patch 1
                      2025.2 Patch 1
Patch Availability  : Download Portal ILS

Product Name        : Ivanti Neurons for ITSM (Cloud)
Affected Version(s) : 2026.1 and prior
Resolved Version(s) : 2026.1 patch 9
                      2026.2 patch 1
Patch Availability  : Update applied to landscapes on May 24 & 25

Solution

Customers using on-premises deployments can remediate this
vulnerability by updating to one of the fixed versions of Ivanti
ITSM, available in the Downloads section of ILS (login required).

SaaS deployments (Ivanti Neurons for ITSM) have been remediated
through service updates and require no customer action.
 
FAQ

1. Are you aware of any active exploitation of these vulnerabilities?
We are not aware of any customers being exploited by these
vulnerabilities prior to public disclosure.

 
2. How can I tell if I have been compromised? 
Currently, there is no known public exploitation of this vulnerability
that could be used to provide a list of indicators of compromise.
As a best practice recommendation, Ivanti recommends that customers
audit role configurations to ensure permissions are limited to
intended administrative roles. Misconfigurations can allow users to
elevate privileges.

3. Do Cloud customers need to take action?
No. Ivanti has already applied the fix to all cloud environments.

 
4. What should I do if I need help? 
If you have questions after reviewing this information, you can log
a case and/or request a call via the Ivanti Innovators Hub.

5. Why is Ivanti releasing an out-of-band release for Ivanti Neurons
for ITSM?
When this vulnerability was recently identified, it was determined to
pose an elevated risk to customers due to the simplicity of
exploitation. Ivanti prioritized getting a fix developed, and the
vulnerability disclosed as quickly as possible to alert customers
to the issue and provide the information they need to protect their
environments.

 

6. Why did Ivanti release two emergency patches on the cloud tenants
the week of May 24?
Ivanti deployed the fix for the security issue disclosed today during
the release for 2026.1 Patch 9 and 2026.2 Patch 1. Later in the week,
Ivanti also patched a bug that caused IP addresses to not be logged
properly in 2026.1 Patch 10 and 2026.2 Patch 2. This second issue
only affects the cloud version of the product.

Article Number :
000107021


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




