automation

2023.4

YEAR_BASED 1 CVE

2024.4.0.1

OTHER 1 CVE

2024

SINGLE_NUMBER 1 CVE

0

SINGLE_NUMBER 7 CVEs

CVE-2024-9845

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.

HIGH Dec 11, 2024

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL Nov 13, 2024

CVE-2024-8320

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

MEDIUM Sep 10, 2024

CVE-2024-44106

Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

HIGH Sep 10, 2024

CVE-2024-44105

Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.

HIGH Sep 10, 2024

CVE-2024-44104

An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

HIGH Sep 10, 2024

CVE-2024-44103

DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

HIGH Sep 10, 2024

CVE-2022-44569

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

HIGH Nov 03, 2023