Workspace Control

workspace_control

Vendor: Ivanti • 22 CVEs

CVEs (22)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-5353 1Ivanti 1Workspace Control Jul 10, 2025 Jun 10, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.
CVE-2025-22463 1Ivanti 1Workspace Control Jul 10, 2025 Jun 10, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.
CVE-2025-22455 1Ivanti 1Workspace Control Jul 10, 2025 Jun 10, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
CVE-2024-8496 1Ivanti 1Workspace Control Dec 13, 2024 Dec 11, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.
CVE-2024-8012 1Ivanti 1Workspace Control Jun 12, 2025 Sep 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVE-2024-44107 1Ivanti 1Workspace Control Jun 12, 2025 Sep 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
CVE-2024-44106 1Ivanti 1Workspace Control Jun 12, 2025 Sep 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVE-2024-44105 1Ivanti 1Workspace Control Jun 12, 2025 Sep 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.
CVE-2024-44104 1Ivanti 1Workspace Control Jun 12, 2025 Sep 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to es...Show more An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.Show less
CVE-2024-44103 1Ivanti 1Workspace Control Jun 12, 2025 Sep 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVE-2022-21823 1Ivanti 1Workspace Control Nov 21, 2024 Jan 10, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an...Show more A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.Show less
CVE-2019-19138 1Ivanti 1Workspace Control Nov 21, 2024 Dec 15, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
CVE-2021-36235 1Ivanti 1Workspace Control Nov 21, 2024 Sep 1, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the atta...Show more An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.Show less
CVE-2019-17066 1Ivanti 1Workspace Control Nov 21, 2024 May 18, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when st...Show more In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.Show less
CVE-2020-11533 1Ivanti 1Workspace Control Nov 21, 2024 Apr 4, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
CVE-2019-16382 1Ivanti 1Workspace Control Nov 21, 2024 Mar 19, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be...Show more An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.Show less
CVE-2019-19675 1Ivanti 1Workspace Control Nov 21, 2024 Dec 17, 2019 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enab...Show more In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.Show less
CVE-2019-10885 1Ivanti 1Workspace Control Nov 21, 2024 Apr 5, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for thi...Show more An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.Show less
CVE-2018-15593 1Ivanti 1Workspace Control Nov 21, 2024 Oct 15, 2018 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vect...Show more An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.Show less
CVE-2018-15592 1Ivanti 1Workspace Control Nov 21, 2024 Oct 15, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.

12 Next