【資安漏洞預警】Ivanti旗下Xtraction存在高風險資安漏洞(CVE-2026-8043)

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】Ivanti旗下Xtraction存在高風險資安漏洞(CVE-2026-8043) [Security Vulnerability Alert] Ivanti's Xtraction has a high-risk cybersecurity vulnerability (CVE-2026-8043).
公告內容	轉發台灣電腦網路危機處理暨協調中心資安訊息警訊 TWCERTCC-200-202605-00000007 [內容說明] Ivanti旗下的Xtraction是一套IT報表與資料視覺化平台，可將不同IT系統的資料整合至同一儀表板，方便即時查看與分析。近期Ivanti發布重大資安漏洞公告(CVE-2026-8043，CVSS：9.6)，此漏洞允許經身分驗證的攻擊者讀取敏感檔案，並將任意HTML檔案寫入網站目錄。 [影響平台] Ivanti Xtraction 2026.1(含)以前版本 [建議措施] 請更新至Ivanti Xtraction 2026.2(含)之後版本 Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202605-00000007 [Content Description] Ivanti's Xtraction is an IT reporting and data visualization platform that integrates data from different IT systems onto a single dashboard for easy real-time viewing and analysis. Recently, Ivanti released a critical cybersecurity vulnerability announcement (CVE-2026-8043, CVSS: 9.6). This vulnerability allows an authenticated attacker to read sensitive files and write arbitrary HTML files to a website directory. [Affected Platforms] Ivanti Xtraction 2026.1 and earlier versions [Recommended Action] Please update to Ivanti Xtraction 2026.2 or later.
相關訊息
公告時間	2026/5/15 至 2026/11/15	點閱次數	139