7 results (0.002 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. Se presenta una vulnerabilidad de almacenamiento no seguro de información confidencial en Ivanti Workspace Control versiones anteriores a 2021.2 (10.7.30.0) que podría permitir a un atacante con privilegios bajos autenticados localmente conseguir información clave debido a un vector de ataque no especificado • https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-obtain-key-information-due-to-an-unspecified-attack-vector?language=en_US • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. Ivanti Workspace Control versiones anteriores a 10.4.50.0, permite a atacantes degradar la integridad • https://forums.ivanti.com/s/article/Enhanced-Security-Update-IWC-components https://forums.ivanti.com/s/article/Security-Alert-Ivanti-RES-Workspace-Manager-November-2019 •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges. Se detectó un problema en Ivanti Workspace Control versiones anteriores a 10.6.30.0.&#xa0;Un usuario autenticado localmente con pocos privilegios puede omitir la Seguridad de Archivos y Carpetas al aprovechar un vector de ataque no especificado. • https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-bypass-the-File-and-Folder-Security-by-leveraging-an-unspecified-attack-vector •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. En Ivanti WorkSpace Control versiones anteriores a 10.4.40.0, un usuario puede elevar los derechos en el sistema mediante el secuestro de determinados registros de usuarios. Esto es posible porque el archivo pwrgrid.exe primero comprueba las colmenas del registro Current User (HKCU) al iniciar una aplicación con derechos elevados. • https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-acquire-admin-privileges-by-hijacking-certain-user-registry-entries • CWE-269: Improper Privilege Management •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). Ivanti Workspace Control versiones anteriores a 10.4.30.0, cuando la integración SCCM está habilitada, permite a usuarios locales obtener información confidencial (material de codificación). • https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-recover-keying-material-due-to-an-unspecified-attack-vector •