wid-sec-w-2026-1120 · Published 2026-04-14 · View on BSI CERT-Bund ↗

Ivanti Neurons for ITSM: Multiple Vulnerabilities allow Offenlegung from Informationen

CVSS N/A NONE

Risk Summary

Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required.

CVEs (2)

CVE-2026-4913 CVE-2026-4914

Affected Vendors

Ivanti

Affected Products (2)

Ivanti · Neurons for ITSM <2025.4

Ivanti · Neurons for ITSM 2025.4

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more