Ivanti

Workspace Control

22 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2025-5353

  • EPSS 0.05%
  • Published 10.06.2025 14:39:34
  • Last modified 10.07.2025 15:08:37

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.

7.3

CVE-2025-22463

  • EPSS 0.07%
  • Published 10.06.2025 14:39:06
  • Last modified 10.07.2025 15:08:30

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.

7.8

CVE-2025-22455

  • EPSS 0.05%
  • Published 10.06.2025 14:38:36
  • Last modified 10.07.2025 15:08:21

A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.

7.8

CVE-2024-8496

  • EPSS 0.06%
  • Published 11.12.2024 17:15:21
  • Last modified 13.12.2024 19:42:40

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.

7.8

CVE-2024-8012

  • EPSS 0.17%
  • Published 10.09.2024 21:15:14
  • Last modified 12.06.2025 17:15:28

An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

7.8

CVE-2024-44107

  • EPSS 0.2%
  • Published 10.09.2024 21:15:14
  • Last modified 12.06.2025 17:15:28

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.

7.8

CVE-2024-44106

  • EPSS 0.18%
  • Published 10.09.2024 21:15:14
  • Last modified 12.06.2025 17:15:28

Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

7.8

CVE-2024-44105

  • EPSS 0.03%
  • Published 10.09.2024 21:15:13
  • Last modified 12.06.2025 17:15:27

Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.

7.8

CVE-2024-44104

  • EPSS 0.11%
  • Published 10.09.2024 21:15:13
  • Last modified 12.06.2025 17:15:27

An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

7.8

CVE-2024-44103

  • EPSS 0.18%
  • Published 10.09.2024 21:15:13
  • Last modified 12.06.2025 17:15:27

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.