CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8496
https://notcve.org/view.php?id=CVE-2024-8496
11 Dec 2024 — Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Workspace-Control-IWC-CVE-2024-8496 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44107
https://notcve.org/view.php?id=CVE-2024-44107
10 Sep 2024 — DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44106
https://notcve.org/view.php?id=CVE-2024-44106
10 Sep 2024 — Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44105
https://notcve.org/view.php?id=CVE-2024-44105
10 Sep 2024 — Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44104
https://notcve.org/view.php?id=CVE-2024-44104
10 Sep 2024 — An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44103
https://notcve.org/view.php?id=CVE-2024-44103
10 Sep 2024 — DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8012 – Ivanti Workspace Control RES Exposed Dangerous Method Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8012
10 Sep 2024 — An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Workspace Control. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the RES service, which listens on TCP ... • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21823
https://notcve.org/view.php?id=CVE-2022-21823
07 Jan 2022 — A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. Se presenta una vulnerabilidad de almacenamiento no seguro de información confidencial en Ivanti Workspace Control versiones anteriores a 2021.2 (10.7.30.0) que podría permitir a un atacante con privilegios bajos autenticados localmente conseguir información clave ... • https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-obtain-key-information-due-to-an-unspecified-attack-vector?language=en_US • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-19138
https://notcve.org/view.php?id=CVE-2019-19138
15 Dec 2021 — Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. Ivanti Workspace Control versiones anteriores a 10.4.50.0, permite a atacantes degradar la integridad • https://forums.ivanti.com/s/article/Enhanced-Security-Update-IWC-components •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36235
https://notcve.org/view.php?id=CVE-2021-36235
01 Sep 2021 — An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges. Se detectó un problema en Ivanti Workspace Control versiones anteriores a 10.6.30.0. Un usuario autenticado localmente con pocos privilegios puede omitir la Seguridad de Archivos y Carpetas al aprovechar un vector de ataque no especi... • https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-bypass-the-File-and-Folder-Security-by-leveraging-an-unspecified-attack-vector •