CVE-2024-8441
https://notcve.org/view.php?id=CVE-2024-8441
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-427: Uncontrolled Search Path Element •
CVE-2024-44107
https://notcve.org/view.php?id=CVE-2024-44107
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-427: Uncontrolled Search Path Element •
CVE-2024-44106
https://notcve.org/view.php?id=CVE-2024-44106
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-602: Client-Side Enforcement of Server-Side Security •
CVE-2024-44104
https://notcve.org/view.php?id=CVE-2024-44104
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-290: Authentication Bypass by Spoofing •
CVE-2024-44103
https://notcve.org/view.php?id=CVE-2024-44103
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-426: Untrusted Search Path •