Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2024
CVE-2024-8441
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
CVSS Score
6.7
EPSS Score
0.006
Published
2024-09-10
CVE-2024-44106
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-09-10
CVE-2024-44107
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-09-10
CVE-2024-8012
An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-09-10
CVE-2024-8190
Known exploited
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
CVSS Score
7.2
EPSS Score
0.919
Published
2024-09-10
CVE-2024-8191
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CVSS Score
7.8
EPSS Score
0.408
Published
2024-09-10
CVE-2024-44103
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-09-10
CVE-2024-44104
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-09-10
CVE-2024-44105
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.
CVSS Score
8.2
EPSS Score
0.002
Published
2024-09-10
CVE-2024-45409
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
CVSS Score
10.0
EPSS Score
0.392
Published
2024-09-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved