CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15592
https://notcve.org/view.php?id=CVE-2018-15592
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector. Se ha descubierto un problema en Ivanti Workspace Control en versiones anteriores a la 10.3.10.0 y RES One Workspace. Un usuario local autenticado puede ejecutar procesos con privilegios elevados mediante un vector de ataque sin especificar. • http://packetstormsecurity.com/files/149615/Ivanti-Workspace-Control-Named-Pipe-Privilege-Escalation.html http://seclists.org/fulldisclosure/2018/Oct/1 https://community.ivanti.com/docs/DOC-69692 https://seclists.org/bugtraq/2018/Oct/7 https://www.securify.nl/en/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-15591
https://notcve.org/view.php?id=CVE-2018-15591
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors. Se ha descubierto un problema en Ivanti Workspace Control en versiones anteriores a la 10.3.10.0 y RES One Workspace. Un usuario local autenticado puede omitir las restricciones de lista blanca de aplicaciones para ejecutar código arbitrario aprovechando múltiples vectores de ataque sin especificar. • http://packetstormsecurity.com/files/149614/Ivanti-Workspace-Control-Application-PowerGrid-SEE-Whitelist-Bypass.html http://seclists.org/fulldisclosure/2018/Oct/4 https://community.ivanti.com/docs/DOC-69684 https://seclists.org/bugtraq/2018/Oct/8 https://www.securify.nl/en/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15593
https://notcve.org/view.php?id=CVE-2018-15593
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector. Se ha descubierto un problema en Ivanti Workspace Control en versiones anteriores a la 10.3.10.0 y RES One Workspace. Un usuario local autenticado puede descifrar el almacén de datos o reproducir las contraseñas del servidor aprovechando un vector de ataque sin especificar. • http://packetstormsecurity.com/files/149616/Ivanti-Workspace-Control-Registry-Stored-Credentials.html http://seclists.org/fulldisclosure/2018/Oct/3 https://community.ivanti.com/docs/DOC-69693 https://seclists.org/bugtraq/2018/Oct/5 https://www.securify.nl/en/advisory/SFY20180804/stored-credentials-ivanti-workspace-control-can-be-retrieved-from-registry.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15590
https://notcve.org/view.php?id=CVE-2018-15590
An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector. Se ha descubierto un problema en Ivanti Workspace Control en versiones anteriores a la 10.3.0.0 y RES One Workspace, cuando se configura la seguridad en archivos y carpetas. Un usuario local autenticado puede omitir las restricciones de seguridad en archivos y carpetas aprovechando un vector de ataque sin especificar. • http://packetstormsecurity.com/files/149617/Ivanti-Workspace-Control-UNC-Path-Data-Security-Bypass.html http://seclists.org/fulldisclosure/2018/Oct/2 https://community.ivanti.com/docs/DOC-69682 https://seclists.org/bugtraq/2018/Oct/10 https://www.securify.nl/en/advisory/SFY20180803/ivanti-workspace-control-data-security-bypass-via-localhost-unc-path.html •
CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 0CVE-2018-14366
https://notcve.org/view.php?id=CVE-2018-14366
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. download.cgi en Pulse Secure Pulse Connect Secure, en versiones 8.1RX anteriores a la 8.1R13 y versiones 8.3RX anteriores a la 8.3R4; y Pulse Policy Secure hasta versiones 5.2RX anteriores a la 5.2R10 y versiones 5.4RX anteriores a la 5.4R4 tienen una vulnerabilidad de redirección abierta. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •