Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Workspace Control Security Vulnerabilities

cve
cve

CVE-2018-15590

An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector.

5.5CVSS

5.5AI Score

0.0004EPSS

2018-10-15 04:29 PM
21
cve
cve

CVE-2018-15591

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.

7.8CVSS

8.8AI Score

0.0004EPSS

2018-10-15 04:29 PM
23
cve
cve

CVE-2018-15592

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.

7.8CVSS

7.5AI Score

0.0004EPSS

2018-10-15 04:29 PM
20
cve
cve

CVE-2018-15593

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.

7.8CVSS

7.5AI Score

0.0004EPSS

2018-10-15 04:29 PM
20
cve
cve

CVE-2019-10885

An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.

7.8CVSS

7.5AI Score

0.0004EPSS

2019-04-05 05:29 PM
56
cve
cve

CVE-2019-16382

An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CV...

9.8CVSS

8AI Score

0.002EPSS

2020-03-19 05:15 PM
26
cve
cve

CVE-2019-17066

In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.

7.8CVSS

7.5AI Score

0.0004EPSS

2020-05-18 10:15 PM
67
cve
cve

CVE-2019-19138

Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.

7.5CVSS

7.5AI Score

0.001EPSS

2021-12-15 08:15 AM
22
cve
cve

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.

7.8CVSS

7.5AI Score

0.0004EPSS

2019-12-17 03:15 PM
32
cve
cve

CVE-2020-11533

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).

5.5CVSS

5.1AI Score

0.0004EPSS

2020-04-04 08:15 PM
74
cve
cve

CVE-2021-36235

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.

7.8CVSS

7.5AI Score

0.0004EPSS

2021-09-01 01:15 AM
33
cve
cve

CVE-2022-21823

A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.

5.5CVSS

5.2AI Score

0.0004EPSS

2022-01-10 02:12 PM
53
cve
cve

CVE-2024-44103

DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

8.8CVSS

6.8AI Score

0.0004EPSS

2024-09-10 09:15 PM
26
cve
cve

CVE-2024-44104

An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

8.8CVSS

7AI Score

0.0004EPSS

2024-09-10 09:15 PM
24
cve
cve

CVE-2024-44105

Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.

8.2CVSS

6.1AI Score

0.0004EPSS

2024-09-10 09:15 PM
25
cve
cve

CVE-2024-44106

Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

8.8CVSS

6.8AI Score

0.0004EPSS

2024-09-10 09:15 PM
27
cve
cve

CVE-2024-44107

DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.

8.8CVSS

7.6AI Score

0.0004EPSS

2024-09-10 09:15 PM
26
cve
cve

CVE-2024-8012

An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

7.8CVSS

7.1AI Score

0.0004EPSS

2024-09-10 09:15 PM
30