CVE-2026-9614
Received
Received - Intake
Improper Access Control in Ivanti Neurons for ITSM
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: ivanti
Description
Description
An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ivanti | neurons_for_itsm | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Access Control issue in Ivanti Neurons for ITSM (both cloud and on-premises versions). It allows a remote attacker who is already authenticated to the system to escalate their privileges and gain administrative access.
How can this vulnerability impact me? :
The vulnerability can have a severe impact because it allows an authenticated attacker to gain administrative privileges. This means the attacker could potentially control the affected system, access sensitive data, modify configurations, and disrupt services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70