Filtered by vendor Ivanti Subscriptions
Filtered by product Automation Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-9845 1 Ivanti 1 Automation 2024-12-19 7.8 High
Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.
CVE-2024-38656 1 Ivanti 2 Automation, Connect Secure 2024-12-01 9.1 Critical
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2022-44569 1 Ivanti 1 Automation 2024-11-21 7.8 High
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
CVE-2024-44106 1 Ivanti 2 Automation, Workspace Control 2024-09-18 8.8 High
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
CVE-2024-44105 1 Ivanti 2 Automation, Workspace Control 2024-09-18 8.2 High
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.
CVE-2024-44104 1 Ivanti 2 Automation, Workspace Control 2024-09-18 8.8 High
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
CVE-2024-44103 1 Ivanti 2 Automation, Workspace Control 2024-09-18 8.8 High
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
CVE-2024-8320 1 Ivanti 2 Automation, Endpoint Manager 2024-09-13 5.3 Medium
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.