GCVE - cpe:2.3:a:ivanti:automation:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:automation:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Automation (`951facd3-c2fe-5fe1-9c79-853398a745a2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-9845`	vulnerable	2026-06-03 14:58:22.720259	Details available HIGH (7.8) Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. Published: 2024-12-11T16:41:39.804Z Updated: 2024-12-19T04:55:29.963Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Automation-CVE-2024-9845	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9845`	not_vulnerable	2026-06-03 14:58:22.720105	Details available HIGH (7.8) Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. Published: 2024-12-11T16:41:39.804Z Updated: 2024-12-19T04:55:29.963Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Automation-CVE-2024-9845	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-8320`	not_vulnerable	2026-06-03 14:58:18.133833	Details available MEDIUM (5.3) Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. Published: 2024-09-10T20:52:31.146Z Updated: 2024-09-11T15:19:03.245Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-44106`	not_vulnerable	2026-06-03 14:56:47.558532	Details available HIGH (8.8) Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. Published: 2024-09-10T20:45:28.624Z Updated: 2025-06-12T17:06:34.123Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-44105`	not_vulnerable	2026-06-03 14:56:47.558163	Details available HIGH (8.2) Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. Published: 2024-09-10T20:43:26.618Z Updated: 2025-06-12T16:58:30.314Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-44104`	not_vulnerable	2026-06-03 14:56:47.557754	Details available HIGH (8.8) An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. Published: 2024-09-10T20:41:33.032Z Updated: 2025-06-12T17:01:17.730Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-44103`	not_vulnerable	2026-06-03 14:56:47.556440	Details available HIGH (8.8) DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. Published: 2024-09-10T20:39:40.204Z Updated: 2025-06-12T17:04:53.415Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-38656`	vulnerable	2026-06-03 14:56:19.240748	Details available CRITICAL (9.1) Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Published: 2024-11-13T01:54:45.445Z Updated: 2024-12-01T18:25:55.799Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-44569`	vulnerable	2026-06-03 14:48:17.285675	Details available HIGH (8.8) A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. Published: 2023-11-03T18:13:19.892Z Updated: 2024-09-05T19:11:56.731Z Open on db.gcve.eu Reference links https://help.ivanti.com/res/help/en_US/IA/2023/Admin/Content/relnotes.htm	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.