Ivanti: >> Workspace Control >> 10.3.110.0 Security Vulnerabilities
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
CVSS Score
7.5
EPSS Score
0.016
Published
2021-12-15
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.
CVSS Score
7.8
EPSS Score
0.003
Published
2021-09-01
In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-05-18
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
CVSS Score
5.5
EPSS Score
0.002
Published
2020-04-04
An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.
CVSS Score
9.8
EPSS Score
0.156
Published
2020-03-19
In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-12-17
Page 2