轉發 台灣電腦網路危機處理暨協調中心 資安訊息警訊 TWCERTCC-200-202605-00000007

[內容說明]
Ivanti旗下的Xtraction是一套IT報表與資料視覺化平台，可將不同IT系統的資料整合至同一儀表板，方便即時查看與分析。近期Ivanti發布重大資安漏洞公告(CVE-2026-8043，CVSS：9.6)，此漏洞允許經身分驗證的攻擊者讀取敏感檔案，並將任意HTML檔案寫入網站目錄。

[影響平台]
Ivanti Xtraction 2026.1(含)以前版本

[建議措施]
請更新至Ivanti Xtraction 2026.2(含)之後版本
Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202605-00000007

[Content Description]
Ivanti's Xtraction is an IT reporting and data visualization platform that integrates data from different IT systems onto a single dashboard for easy real-time viewing and analysis. Recently, Ivanti released a critical cybersecurity vulnerability announcement (CVE-2026-8043, CVSS: 9.6). This vulnerability allows an authenticated attacker to read sensitive files and write arbitrary HTML files to a website directory.

[Affected Platforms]
Ivanti Xtraction 2026.1 and earlier versions

[Recommended Action]
Please update to Ivanti Xtraction 2026.2 or later.