Vulnerabilities > Ivanti > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-44103 | Untrusted Search Path vulnerability in Ivanti Workspace Control DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-09-10 | CVE-2024-44104 | Authentication Bypass by Spoofing vulnerability in Ivanti Workspace Control An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-09-10 | CVE-2024-44105 | Cleartext Transmission of Sensitive Information vulnerability in Ivanti Workspace Control Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. | 7.8 |
| 2024-09-10 | CVE-2024-44106 | Unspecified vulnerability in Ivanti Workspace Control Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-09-10 | CVE-2024-44107 | Uncontrolled Search Path Element vulnerability in Ivanti Workspace Control DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | 7.8 |
| 2024-09-10 | CVE-2024-8012 | Missing Authentication for Critical Function vulnerability in Ivanti Workspace Control An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-09-10 | CVE-2024-8190 | OS Command Injection vulnerability in Ivanti Cloud Services Appliance 4.6 An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. | 7.2 |
| 2024-09-10 | CVE-2024-8321 | Missing Authentication for Critical Function vulnerability in Ivanti Endpoint Manager Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | 8.6 |
| 2024-09-10 | CVE-2024-8322 | Unspecified vulnerability in Ivanti Endpoint Manager Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | 8.8 |
| 2024-08-14 | CVE-2024-36136 | Off-by-one Error vulnerability in Ivanti Avalanche An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 7.5 |