Vulnerabilities > Ivanti > Workspace Control

DATE CVE VULNERABILITY TITLE RISK
2024-12-11 CVE-2024-8496 Incorrect Default Permissions vulnerability in Ivanti Workspace Control
Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.
local
low complexity
ivanti CWE-276
7.8
2024-09-10 CVE-2024-44103 Untrusted Search Path vulnerability in Ivanti Workspace Control
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
local
low complexity
ivanti CWE-426
7.8
2024-09-10 CVE-2024-44104 Authentication Bypass by Spoofing vulnerability in Ivanti Workspace Control
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
local
low complexity
ivanti CWE-290
7.8
2024-09-10 CVE-2024-44105 Cleartext Transmission of Sensitive Information vulnerability in Ivanti Workspace Control
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.
local
low complexity
ivanti CWE-319
7.8
2024-09-10 CVE-2024-44106 Unspecified vulnerability in Ivanti Workspace Control
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
local
low complexity
ivanti
7.8
2024-09-10 CVE-2024-44107 Uncontrolled Search Path Element vulnerability in Ivanti Workspace Control
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
local
low complexity
ivanti CWE-427
7.8
2024-09-10 CVE-2024-8012 Missing Authentication for Critical Function vulnerability in Ivanti Workspace Control
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
local
low complexity
ivanti CWE-306
7.8
2022-01-10 CVE-2022-21823 Insecure Storage of Sensitive Information vulnerability in Ivanti Workspace Control
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.
local
low complexity
ivanti CWE-922
5.5
2021-12-15 CVE-2019-19138 Unspecified vulnerability in Ivanti Workspace Control
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
network
low complexity
ivanti
7.5
2021-09-01 CVE-2021-36235 Unspecified vulnerability in Ivanti Workspace Control
An issue was discovered in Ivanti Workspace Control before 10.6.30.0.
local
low complexity
ivanti
7.8