Workspace Control
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:workspace_control:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Workspace Control (da52aa6b-df5b-5bb6-86f8-0f9e507e627d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-5353 |
vulnerable | 2026-06-03 15:06:27.660135 |
Details available
HIGH (8.8)
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.
Published: 2025-06-10T14:39:34.206Z
Updated: 2026-02-26T17:51:03.827Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5353 |
not_vulnerable | 2026-06-03 15:06:27.660083 |
Details available
HIGH (8.8)
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.
Published: 2025-06-10T14:39:34.206Z
Updated: 2026-02-26T17:51:03.827Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22463 |
vulnerable | 2026-06-03 14:59:40.027871 |
Details available
HIGH (7.3)
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.
Published: 2025-06-10T14:39:06.714Z
Updated: 2026-02-26T17:51:04.123Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22463 |
not_vulnerable | 2026-06-03 14:59:40.027724 |
Details available
HIGH (7.3)
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.
Published: 2025-06-10T14:39:06.714Z
Updated: 2026-02-26T17:51:04.123Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22455 |
vulnerable | 2026-06-03 14:59:39.981290 |
Details available
HIGH (8.8)
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
Published: 2025-06-10T14:38:36.559Z
Updated: 2026-02-26T17:51:04.844Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22455 |
not_vulnerable | 2026-06-03 14:59:39.981238 |
Details available
HIGH (8.8)
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
Published: 2025-06-10T14:38:36.559Z
Updated: 2026-02-26T17:51:04.844Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8496 |
vulnerable | 2026-06-03 14:58:18.578696 |
Details available
HIGH (7.8)
Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.
Published: 2024-12-11T16:43:09.908Z
Updated: 2024-12-14T04:55:19.443Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8496 |
not_vulnerable | 2026-06-03 14:58:18.578503 |
Details available
HIGH (7.8)
Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.
Published: 2024-12-11T16:43:09.908Z
Updated: 2024-12-14T04:55:19.443Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8012 |
vulnerable | 2026-06-03 14:58:07.852032 |
Details available
HIGH (7.8)
An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
Published: 2024-09-10T20:37:19.762Z
Updated: 2025-06-12T16:56:49.405Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8012 |
not_vulnerable | 2026-06-03 14:58:07.851868 |
Details available
HIGH (7.8)
An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
Published: 2024-09-10T20:37:19.762Z
Updated: 2025-06-12T16:56:49.405Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44107 |
vulnerable | 2026-06-03 14:56:47.559072 |
Details available
HIGH (8.8)
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
Published: 2024-09-10T20:47:26.779Z
Updated: 2025-06-12T17:03:29.008Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44107 |
not_vulnerable | 2026-06-03 14:56:47.558914 |
Details available
HIGH (8.8)
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
Published: 2024-09-10T20:47:26.779Z
Updated: 2025-06-12T17:03:29.008Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44106 |
vulnerable | 2026-06-03 14:56:47.558585 |
Details available
HIGH (8.8)
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
Published: 2024-09-10T20:45:28.624Z
Updated: 2025-06-12T17:06:34.123Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44106 |
not_vulnerable | 2026-06-03 14:56:47.558563 |
Details available
HIGH (8.8)
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
Published: 2024-09-10T20:45:28.624Z
Updated: 2025-06-12T17:06:34.123Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44105 |
vulnerable | 2026-06-03 14:56:47.558218 |
Details available
HIGH (8.2)
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.
Published: 2024-09-10T20:43:26.618Z
Updated: 2025-06-12T16:58:30.314Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44105 |
not_vulnerable | 2026-06-03 14:56:47.558196 |
Details available
HIGH (8.2)
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.
Published: 2024-09-10T20:43:26.618Z
Updated: 2025-06-12T16:58:30.314Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44104 |
vulnerable | 2026-06-03 14:56:47.557813 |
Details available
HIGH (8.8)
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
Published: 2024-09-10T20:41:33.032Z
Updated: 2025-06-12T17:01:17.730Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44104 |
not_vulnerable | 2026-06-03 14:56:47.557791 |
Details available
HIGH (8.8)
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
Published: 2024-09-10T20:41:33.032Z
Updated: 2025-06-12T17:01:17.730Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44103 |
vulnerable | 2026-06-03 14:56:47.557341 |
Details available
HIGH (8.8)
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
Published: 2024-09-10T20:39:40.204Z
Updated: 2025-06-12T17:04:53.415Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44103 |
not_vulnerable | 2026-06-03 14:56:47.557291 |
Details available
HIGH (8.8)
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
Published: 2024-09-10T20:39:40.204Z
Updated: 2025-06-12T17:04:53.415Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-21823 |
vulnerable | 2026-06-03 14:46:13.826611 |
Details available
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.
Published: 2022-01-07T22:39:51.000Z
Updated: 2024-08-03T02:53:36.259Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-36235 |
vulnerable | 2026-06-03 14:44:57.439313 |
Details available
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.
Published: 2021-09-01T00:19:28.000Z
Updated: 2024-08-04T00:54:50.836Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-11533 |
vulnerable | 2026-06-03 14:41:26.283310 |
Details available
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
Published: 2020-04-04T19:02:47.000Z
Updated: 2024-08-04T11:35:13.208Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-19675 |
vulnerable | 2026-06-03 14:40:05.369452 |
Details available
In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.
Published: 2019-12-17T14:42:22.000Z
Updated: 2024-08-05T02:25:12.395Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-19138 |
vulnerable | 2026-06-03 14:40:03.923099 |
Details available
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
Published: 2021-12-15T07:07:47.000Z
Updated: 2024-08-05T02:09:39.258Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-17066 |
vulnerable | 2026-06-03 14:39:55.763465 |
Details available
In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.
Published: 2020-05-18T21:53:20.000Z
Updated: 2024-08-05T01:33:17.067Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-10885 |
vulnerable | 2026-06-03 14:39:24.559566 |
Details available
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.
Published: 2019-04-05T16:57:14.000Z
Updated: 2024-08-04T22:40:14.938Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15593 |
vulnerable | 2026-06-03 14:38:14.064664 |
Details available
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.
Published: 2018-10-15T16:00:00.000Z
Updated: 2024-08-05T10:01:53.287Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15592 |
vulnerable | 2026-06-03 14:38:14.064304 |
Details available
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.
Published: 2018-10-15T16:00:00.000Z
Updated: 2024-08-05T10:01:53.616Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15591 |
vulnerable | 2026-06-03 14:38:14.063950 |
Details available
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.
Published: 2018-10-15T16:00:00.000Z
Updated: 2024-08-05T10:01:54.472Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15590 |
vulnerable | 2026-06-03 14:38:14.063492 |
Details available
An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector.
Published: 2018-10-15T16:00:00.000Z
Updated: 2024-08-05T10:01:53.342Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.