Ivanti Workspace_control
22 CVEs affecting Ivanti Workspace_control. Latest disclosed: 2025-06-10. Critical: 1, High: 18.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-16382 | Critical | 9.8 | 2020-03-19 | An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder u… |
CVE-2025-5353 | High | 8.8 | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
CVE-2025-22455 | High | 8.8 | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
CVE-2024-44107 | High | 8.8 | 2024-09-10 | DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their p… |
CVE-2024-44106 | High | 8.8 | 2024-09-10 | Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker… |
CVE-2024-44104 | High | 8.8 | 2024-09-10 | An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 20… |
CVE-2024-44103 | High | 8.8 | 2024-09-10 | DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their p… |
CVE-2024-44105 | High | 8.2 | 2024-09-10 | Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authent… |
CVE-2024-8496 | High | 7.8 | 2024-12-11 | Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local… |
CVE-2024-8012 | High | 7.8 | 2024-09-10 | An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated atta… |
CVE-2021-36235 | High | 7.8 | 2021-09-01 | An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by l… |
CVE-2019-17066 | High | 7.8 | 2020-05-18 | In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.ex… |
CVE-2019-19675 | High | 7.8 | 2019-12-17 | In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspec… |
CVE-2019-10885 | High | 7.8 | 2019-04-05 | An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can… |
CVE-2018-15593 | High | 7.8 | 2018-10-15 | An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or r… |
CVE-2018-15592 | High | 7.8 | 2018-10-15 | An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated priv… |
CVE-2018-15591 | High | 7.8 | 2018-10-15 | An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting rest… |
CVE-2019-19138 | High | 7.5 | 2021-12-15 | Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. |
CVE-2025-22463 | High | 7.3 | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. |
CVE-2022-21823 | Medium | 5.5 | 2022-01-10 | A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally auth… |