cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8496,https://securityvulnerability.io/vulnerability/CVE-2024-8496,Local Privilege Escalation Vulnerability in Ivanti Workspace Control,"In Ivanti Workspace Control, versions prior to 10.18.40.0 exhibit a vulnerability where insecure permissions can be exploited under certain conditions. This flaw allows a local authenticated attacker to escalate their privileges, potentially enabling unauthorized actions within the system. This type of vulnerability underscores the importance of strict permission management and regular updates to security practices to mitigate risks associated with privilege escalation.",Ivanti,Workspace Control,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-11T17:15:00.000Z,0
CVE-2024-8012,https://securityvulnerability.io/vulnerability/CVE-2024-8012,Local Auth Bypass Could Lead to Privilege Escalation,"An authentication bypass vulnerability exists in the message broker service of Ivanti Workspace Control, affecting version 10.18.0.0 and earlier. This vulnerability allows a local authenticated attacker to escalate their privileges, potentially granting access to sensitive functionalities and data within the system. Proper patching and mitigation strategies are essential to safeguard against this type of attack, as it may lead to unauthorized actions and increased security risks.",Ivanti,Workspace Control,7.8,HIGH,0.0011099999537691474,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2024-44107,https://securityvulnerability.io/vulnerability/CVE-2024-44107,Local Attackers Can Easily Escalate Privileges and Execute Arbitrary Code in Ivanti Workspace Control,"A vulnerability exists in the management console of Ivanti Workspace Control, where DLL hijacking can be exploited by local authenticated attackers. This security flaw permits attackers to escalate their privileges and execute arbitrary code on affected systems. The issue is present in Ivanti Workspace Control versions 10.18.0.0 and earlier, posing significant risks to installations that have not been updated. For more information, please refer to the official security advisory.",Ivanti,Workspace Control,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2024-44106,https://securityvulnerability.io/vulnerability/CVE-2024-44106,Local Authenticated Attacker Can Escalate Privileges via Server-Side Controls in Ivanti Workspace Control,"The Ivanti Workspace Control management console has a vulnerability due to insufficient server-side controls. This flaw enables a local authenticated attacker to escalate their privileges, potentially allowing them to perform unauthorized actions within the system. This issue impacts versions 10.18.0.0 and earlier, making it crucial for users to apply the latest security updates and patches to mitigate the risks associated with this vulnerability. For more information, refer to the security advisory provided by Ivanti.",Ivanti,Workspace Control,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2024-44105,https://securityvulnerability.io/vulnerability/CVE-2024-44105,Local Authenticated Attacker Can Access OS Credentials via Cleartext Transmission in Ivanti Workspace Control,"The vulnerability in Ivanti Workspace Control allows local authenticated attackers to exploit the management console, resulting in the cleartext transmission of sensitive information. Versions 10.18.0.0 and earlier are particularly susceptible, as they enable unauthorized access to operating system credentials. This flaw poses significant risks as it can be exploited by individuals with local access to the system, emphasizing the necessity of securing management interfaces and employing encryption for sensitive data transmissions.",Ivanti,Workspace Control,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2024-44104,https://securityvulnerability.io/vulnerability/CVE-2024-44104,Privilege Escalation Vulnerability in Ivanti Workspace Control,"The Ivanti Workspace Control management console contains a vulnerability due to an incorrectly implemented authentication scheme. This design flaw allows a local authenticated attacker to conduct a spoofing attack, ultimately enabling them to escalate their privileges. Affected users should be aware of the potential security risks and consider upgrading to a more secure version of the software.",Ivanti,Workspace Control,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2024-44103,https://securityvulnerability.io/vulnerability/CVE-2024-44103,Attackers Can Elevate Privileges via DLL Hijacking in Ivanti Workspace Control,"A DLL hijacking vulnerability exists in the management console of Ivanti Workspace Control versions up to 10.18.0.0. This flaw can be exploited by local authenticated attackers, granting them the ability to escalate their privileges within the affected environment. By manipulating the loading of dynamic link libraries, an attacker could execute unauthorized actions, potentially leading to broader system compromises. It is crucial for users of Ivanti Workspace Control to assess their installations and apply necessary mitigations as outlined in the security advisory provided by Ivanti.",Ivanti,Workspace Control,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2022-21823,https://securityvulnerability.io/vulnerability/CVE-2022-21823,,A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.,Ivanti,Ivanti Workspace Control,5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2022-01-10T14:12:00.000Z,0
CVE-2019-19138,https://securityvulnerability.io/vulnerability/CVE-2019-19138,,Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.,Ivanti,Workspace Control,7.5,HIGH,0.0008999999845400453,false,false,false,false,,false,false,2021-12-15T07:07:47.000Z,0
CVE-2021-36235,https://securityvulnerability.io/vulnerability/CVE-2021-36235,,"An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.",Ivanti,Workspace Control,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-09-01T00:19:28.000Z,0
CVE-2019-17066,https://securityvulnerability.io/vulnerability/CVE-2019-17066,,"In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.",Ivanti,Workspace Control,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2020-05-18T21:53:20.000Z,0
CVE-2020-11533,https://securityvulnerability.io/vulnerability/CVE-2020-11533,,"Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).",Ivanti,Workspace Control,5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2020-04-04T19:02:47.000Z,0
CVE-2019-16382,https://securityvulnerability.io/vulnerability/CVE-2019-16382,,"An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.",Ivanti,Workspace Control,9.8,CRITICAL,0.0030799999367445707,false,false,false,false,,false,false,2020-03-19T16:57:41.000Z,0
CVE-2019-19675,https://securityvulnerability.io/vulnerability/CVE-2019-19675,,"In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.",Ivanti,Workspace Control,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2019-12-17T14:42:22.000Z,0
CVE-2019-10885,https://securityvulnerability.io/vulnerability/CVE-2019-10885,,An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.,Ivanti,Workspace Control,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2019-04-05T16:57:14.000Z,0
CVE-2018-15593,https://securityvulnerability.io/vulnerability/CVE-2018-15593,,An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.,Ivanti,Workspace Control,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2018-10-15T16:00:00.000Z,0
CVE-2018-15592,https://securityvulnerability.io/vulnerability/CVE-2018-15592,,An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.,Ivanti,Workspace Control,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2018-10-15T16:00:00.000Z,0
CVE-2018-15591,https://securityvulnerability.io/vulnerability/CVE-2018-15591,,An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.,Ivanti,Workspace Control,7.8,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2018-10-15T16:00:00.000Z,0
CVE-2018-15590,https://securityvulnerability.io/vulnerability/CVE-2018-15590,,"An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector.",Ivanti,Workspace Control,5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2018-10-15T16:00:00.000Z,0