Vulnerability Details CVE-2021-36235
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-bypass-the-File-and-Folder-Security-by-leveraging-an-unspecified-attack-vector
- https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-bypass-the-File-and-Folder-Security-by-leveraging-an-unspecified-attack-vector
Products affected by CVE-2021-36235
-
cpe:2.3:a:ivanti:workspace_control:-
-
cpe:2.3:a:ivanti:workspace_control:10.1.0.0
-
cpe:2.3:a:ivanti:workspace_control:10.2.0.0
-
cpe:2.3:a:ivanti:workspace_control:10.2.0.1
-
cpe:2.3:a:ivanti:workspace_control:10.2.500.1
-
cpe:2.3:a:ivanti:workspace_control:10.2.600.1
-
cpe:2.3:a:ivanti:workspace_control:10.2.700.1
-
cpe:2.3:a:ivanti:workspace_control:10.2.800.0
-
cpe:2.3:a:ivanti:workspace_control:10.2.900.1
-
cpe:2.3:a:ivanti:workspace_control:10.2.950.0
-
cpe:2.3:a:ivanti:workspace_control:10.3.0.0
-
cpe:2.3:a:ivanti:workspace_control:10.3.10.0
-
cpe:2.3:a:ivanti:workspace_control:10.3.110.0
-
cpe:2.3:a:ivanti:workspace_control:10.3.180.0
-
cpe:2.3:a:ivanti:workspace_control:10.3.20.0
-
cpe:2.3:a:ivanti:workspace_control:10.3.30.0
-
cpe:2.3:a:ivanti:workspace_control:10.3.40.0
-
cpe:2.3:a:ivanti:workspace_control:10.3.50.0
-
cpe:2.3:a:ivanti:workspace_control:10.3.90.0
-
cpe:2.3:a:ivanti:workspace_control:10.4.30.0
-
cpe:2.3:a:ivanti:workspace_control:10.4.40.0
-
cpe:2.3:a:ivanti:workspace_control:10.4.50.0