Vendor CVEs
Ivanti
All CVEs
446 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28125 | 0.00 | — | 0.02 | May 9, 2023 | An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | |||
| CVE-2023-28126 | 0.00 | — | 0.67 | May 9, 2023 | An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message. | |||
| CVE-2022-36982 | 0.00 | — | 0.74 | Mar 29, 2023 | This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within… | |||
| CVE-2022-3091 | 0.00 | — | 0.01 | Jan 17, 2023 | RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands. | |||
| CVE-2022-2893 | 0.00 | — | 0.01 | Jan 17, 2023 | RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files. | |||
| CVE-2022-35259 | 0.00 | — | 0.01 | Dec 5, 2022 | XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. | |||
| CVE-2022-30121 | 0.00 | — | 0.00 | Sep 23, 2022 | The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system. | |||
| CVE-2022-22571 | 0.00 | — | 0.01 | Apr 11, 2022 | An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. | |||
| CVE-2022-27088 | 0.00 | — | 0.01 | Apr 11, 2022 | Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. | |||
| CVE-2022-21823 | 0.00 | — | 0.00 | Jan 7, 2022 | An insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | |||
| CVE-2019-19138 | 0.00 | — | 0.02 | Dec 15, 2021 | Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. | |||
| CVE-2021-42126 | 0.00 | — | 0.04 | Dec 7, 2021 | An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation. | |||
| CVE-2021-42124 | 0.00 | — | 0.03 | Dec 7, 2021 | An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform a session takeover. | |||
| CVE-2021-36235 | 0.00 | — | 0.01 | Sep 1, 2021 | An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges. | |||
| CVE-2013-4718 | 0.00 | — | 0.01 | Aug 9, 2021 | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. | |||
| CVE-2021-3540 | 0.00 | — | 0.03 | Jul 22, 2021 | By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | |||
| CVE-2021-3198 | 0.00 | — | 0.03 | Jul 22, 2021 | By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | |||
| CVE-2021-31922 | 0.00 | — | 0.01 | May 14, 2021 | An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3. | |||
| CVE-2020-13773 | 0.00 | — | 0.01 | Nov 16, 2020 | Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and… | |||
| CVE-2020-13769 | 0.00 | — | 0.03 | Nov 16, 2020 | LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | |||
| CVE-2020-13772 | 0.00 | — | 0.02 | Nov 16, 2020 | In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. | |||
| CVE-2020-13774 | 0.00 | — | 0.05 | Nov 12, 2020 | An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and… | |||
| CVE-2020-13770 | 0.00 | — | 0.00 | Nov 12, 2020 | Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service… | |||
| CVE-2020-13771 | 0.00 | — | 0.01 | Nov 12, 2020 | Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable… | |||
| CVE-2020-11733 | 0.00 | — | 0.02 | Aug 13, 2020 | An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as… | |||
| CVE-2020-13793 | 0.00 | — | 0.02 | Aug 6, 2020 | Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | |||
| CVE-2019-17066 | 0.00 | — | 0.00 | May 18, 2020 | In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. | |||
| CVE-2020-12442 | 0.00 | — | 0.02 | Apr 28, 2020 | Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. | |||
| CVE-2020-11533 | 0.00 | — | 0.00 | Apr 4, 2020 | Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). | |||
| CVE-2019-16382 | 0.00 | — | 0.03 | Mar 19, 2020 | An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its… | |||
| CVE-2019-19675 | 0.00 | — | 0.00 | Dec 17, 2019 | In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that… | |||
| CVE-2019-17445 | 0.00 | — | 0.00 | Nov 22, 2019 | An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following. | |||
| CVE-2019-12373 | 0.00 | — | 0.01 | Jun 3, 2019 | Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | |||
| CVE-2019-12374 | 0.00 | — | 0.03 | Jun 3, 2019 | A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in… | |||
| CVE-2019-12375 | 0.00 | — | 0.01 | Jun 3, 2019 | Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | |||
| CVE-2019-12376 | 0.00 | — | 0.01 | Jun 3, 2019 | Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. | |||
| CVE-2019-10885 | 0.00 | — | 0.01 | Apr 5, 2019 | An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context. | |||
| CVE-2018-20307 | 0.00 | — | 0.01 | Dec 20, 2018 | Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation. | |||
| CVE-2018-20306 | 0.00 | — | 0.01 | Dec 20, 2018 | A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected… | |||
| CVE-2018-15590 | 0.00 | — | 0.01 | Oct 15, 2018 | An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector. | |||
| CVE-2018-15591 | 0.00 | — | 0.01 | Oct 15, 2018 | An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors. | |||
| CVE-2018-15592 | 0.00 | — | 0.01 | Oct 15, 2018 | An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector. | |||
| CVE-2018-15593 | 0.00 | — | 0.01 | Oct 15, 2018 | An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector. | |||
| CVE-2014-5361 | 0.00 | — | 0.01 | Apr 21, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx. | |||
| CVE-2014-5360 | 0.00 | — | 0.01 | Feb 3, 2015 | Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx. | |||
| CVE-2008-1643 | 0.00 | — | 0.02 | Apr 2, 2008 | Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors. |