An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Sep 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ivanti workspace Control
|
|
CPEs | cpe:2.3:a:ivanti:workspace_control:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ivanti workspace Control
|
Wed, 11 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ivanti
Ivanti automation |
|
CPEs | cpe:2.3:a:ivanti:automation:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ivanti
Ivanti automation |
|
Metrics |
ssvc
|
Tue, 10 Sep 2024 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | |
Weaknesses | CWE-290 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ivanti
Published: 2024-09-10T20:41:33.032Z
Updated: 2024-09-12T03:55:32.642Z
Reserved: 2024-08-20T14:55:35.616Z
Link: CVE-2024-44104
Vulnrichment
Updated: 2024-09-11T14:51:04.813Z
NVD
Status : Analyzed
Published: 2024-09-10T21:15:13.727
Modified: 2024-09-18T17:33:06.413
Link: CVE-2024-44104
Redhat
No data.