Vulnerabilities > Ivanti > Workspace Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-11 | CVE-2024-8496 | Incorrect Default Permissions vulnerability in Ivanti Workspace Control Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
2024-09-10 | CVE-2024-44103 | Untrusted Search Path vulnerability in Ivanti Workspace Control DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
2024-09-10 | CVE-2024-44104 | Authentication Bypass by Spoofing vulnerability in Ivanti Workspace Control An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
2024-09-10 | CVE-2024-44105 | Cleartext Transmission of Sensitive Information vulnerability in Ivanti Workspace Control Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. | 7.8 |
2024-09-10 | CVE-2024-44106 | Unspecified vulnerability in Ivanti Workspace Control Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
2024-09-10 | CVE-2024-44107 | Uncontrolled Search Path Element vulnerability in Ivanti Workspace Control DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | 7.8 |
2024-09-10 | CVE-2024-8012 | Missing Authentication for Critical Function vulnerability in Ivanti Workspace Control An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
2022-01-10 | CVE-2022-21823 | Insecure Storage of Sensitive Information vulnerability in Ivanti Workspace Control A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | 5.5 |
2021-12-15 | CVE-2019-19138 | Unspecified vulnerability in Ivanti Workspace Control Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. | 7.5 |
2021-09-01 | CVE-2021-36235 | Unspecified vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.6.30.0. | 7.8 |