CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5353
https://notcve.org/view.php?id=CVE-2025-5353
10 Jun 2025 — A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22463
https://notcve.org/view.php?id=CVE-2025-22463
10 Jun 2025 — A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22455
https://notcve.org/view.php?id=CVE-2025-22455
10 Jun 2025 — A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8496
https://notcve.org/view.php?id=CVE-2024-8496
11 Dec 2024 — Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Workspace-Control-IWC-CVE-2024-8496 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44107
https://notcve.org/view.php?id=CVE-2024-44107
10 Sep 2024 — DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44106
https://notcve.org/view.php?id=CVE-2024-44106
10 Sep 2024 — Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44105
https://notcve.org/view.php?id=CVE-2024-44105
10 Sep 2024 — Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44104
https://notcve.org/view.php?id=CVE-2024-44104
10 Sep 2024 — An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44103
https://notcve.org/view.php?id=CVE-2024-44103
10 Sep 2024 — DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8012 – Ivanti Workspace Control RES Exposed Dangerous Method Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8012
10 Sep 2024 — An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Workspace Control. An attacke... • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-288: Authentication Bypass Using an Alternate Path or Channel •