Ivanti Workspace Control
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ivanti Workspace Control.
By the Year
In 2025 there have been 0 vulnerabilities in Ivanti Workspace Control. Last year, in 2024 Workspace Control had 7 security vulnerabilities published. Right now, Workspace Control is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 7 | 7.80 |
2023 | 0 | 0.00 |
2022 | 1 | 5.50 |
2021 | 2 | 7.65 |
2020 | 3 | 7.70 |
2019 | 2 | 7.80 |
2018 | 4 | 7.23 |
It may take a day or so for new Workspace Control vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ivanti Workspace Control Security Vulnerabilities
Ivanti Workspace Control: Local Privilege Escalation via Insecure Permissions
CVE-2024-8496
7.8 - High
- December 11, 2024
Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.
Incorrect Default Permissions
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below
CVE-2024-44103
7.8 - High
- September 10, 2024
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
Untrusted Path
An incorrectly implemented authentication scheme
CVE-2024-44104
7.8 - High
- September 10, 2024
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
Authentication Bypass by Spoofing
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below
CVE-2024-44105
7.8 - High
- September 10, 2024
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.
Cleartext Transmission of Sensitive Information
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below
CVE-2024-44106
7.8 - High
- September 10, 2024
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below
CVE-2024-44107
7.8 - High
- September 10, 2024
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
DLL preloading
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below
CVE-2024-8012
7.8 - High
- September 10, 2024
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
Missing Authentication for Critical Function
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0)
CVE-2022-21823
5.5 - Medium
- January 10, 2022
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.
Insecure Storage of Sensitive Information
Ivanti Workspace Control before 10.4.50.0
CVE-2019-19138
7.5 - High
- December 15, 2021
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
An issue was discovered in Ivanti Workspace Control before 10.6.30.0
CVE-2021-36235
7.8 - High
- September 01, 2021
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.
In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries
CVE-2019-17066
7.8 - High
- May 18, 2020
In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.
Improper Privilege Management
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled
CVE-2020-11533
5.5 - Medium
- April 04, 2020
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
Information Disclosure
An issue was discovered in Ivanti Workspace Control 10.3.110.0
CVE-2019-16382
9.8 - Critical
- March 19, 2020
An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.
In Ivanti Workspace Control before 10.3.180.0
CVE-2019-19675
7.8 - High
- December 17, 2019
In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.
Incorrect Default Permissions
An issue was discovered in Ivanti Workspace Control before 10.3.90.0
CVE-2019-10885
7.8 - High
- April 05, 2019
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.
Permissions, Privileges, and Access Controls
An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured
CVE-2018-15590
5.5 - Medium
- October 15, 2018
An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector.
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace
CVE-2018-15593
7.8 - High
- October 15, 2018
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace
CVE-2018-15592
7.8 - High
- October 15, 2018
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.
Improper Privilege Management
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace
CVE-2018-15591
7.8 - High
- October 15, 2018
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.
Exposure of Resource to Wrong Sphere
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Ivanti Workspace Control or by Ivanti? Click the Watch button to subscribe.