PT-2025-29292 · Ivanti · Ivanti Dsm

Name of the Vulnerable Software and Affected Versions: Ivanti DSM versions prior to 2024.2 Description: A hardcoded secret within the software allows an authenticated attacker on an adjacent network to decrypt sensitive data, including user credentials. Recommendations: Update Ivanti DSM to versi...

CLSA-2025-1751271968 openssl: Fix of CVE-2019-1563

CVE-2019-1563: fix information disclosure in PKCS7dataDecode and CMSdecryptset1pkey...

Bizerba BRAIN2 安全漏洞

Bizerba BRAIN2 is an industrial software platform from Bizerba, Germany. A security vulnerability exists in Bizerba BRAIN2 that stems from the possibility that a standard Windows user could access and decrypt database configuration files...

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

Vulnerabilities fixed in Ivanti Workspace Control

Ivanti has fixed vulnerabilities in Ivanti Workspace Control Specifically for versions prior to 10.19.10.0. The vulnerabilities are in the hard-coded keys within Ivanti Workspace Control, specifically in versions prior to 10.19.10.0. These vulnerabilities allow local, authenticated attackers to...

CVE-2025-22455

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...

CVE-2025-22455

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

CVE-2025-5353

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...

CVE-2025-22463

CVE-2025-22463 affects Ivanti Workspace Control prior to 10.19.10.0, due to a hard-coded key that enables a local authenticated attacker to decrypt stored credentials (SQL and environment passwords). Root cause: hard-coded cryptographic key in the product. Impact: unauthorized access to sensitive...

CVE-2025-22463

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password...

CVE-2025-22455

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...

Ivanti Workspace Control 安全漏洞

Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control prior to version 10.19.0.0, which stems from a...

Ivanti Workspace Control 安全漏洞

Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, which stems from a...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the decrypt function in CookieStore.php. An attacker can execute arbitrary code or cause a denial of service by sending a specially crafted cookie containing malicious serialized data which are...

CVE-2024-38341

IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-10379

A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input...

CVE-2024-53832

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V05.30. The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the...

CVE-2023-21444

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVE-2023-21443

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...