VYPR

Workspace Control

by Ivanti

CVEs (22)

  • CVE-2019-16382CriMar 19, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its…

  • CVE-2025-5353HigJun 10, 2025
    risk 0.57cvss 8.8epss 0.00

    A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.

  • CVE-2025-22455HigJun 10, 2025
    risk 0.57cvss 8.8epss 0.00

    A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.

  • CVE-2024-44107HigSep 10, 2024
    risk 0.57cvss 8.8epss 0.00

    DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.

  • CVE-2024-44106HigSep 10, 2024
    risk 0.57cvss 8.8epss 0.00

    Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-44104HigSep 10, 2024
    risk 0.57cvss 8.8epss 0.00

    An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-44103HigSep 10, 2024
    risk 0.57cvss 8.8epss 0.00

    DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-44105HigSep 10, 2024
    risk 0.53cvss 8.2epss 0.00

    Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.

  • CVE-2024-8496HigDec 11, 2024
    risk 0.51cvss 7.8epss 0.00

    Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.

  • CVE-2024-8012HigSep 10, 2024
    risk 0.51cvss 7.8epss 0.00

    An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.

  • CVE-2021-36235HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.

  • CVE-2019-17066HigMay 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.

  • CVE-2019-19675HigDec 17, 2019
    risk 0.51cvss 7.8epss 0.00

    In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that…

  • CVE-2019-10885HigApr 5, 2019
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.

  • CVE-2018-15593HigOct 15, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.

  • CVE-2018-15592HigOct 15, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.

  • CVE-2018-15591HigOct 15, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.

  • CVE-2019-19138HigDec 15, 2021
    risk 0.49cvss 7.5epss 0.02

    Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.

  • CVE-2025-22463HigJun 10, 2025
    risk 0.47cvss 7.3epss 0.00

    A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.

  • CVE-2022-21823MedJan 10, 2022
    risk 0.36cvss 5.5epss 0.00

    A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.

Page 1 of 2