Application Whitelisting Bypass in Ivanti Workspace Control by Local Authenticated User
CVE-2018-15591

7.8HIGH

Key Information:

Vendor
Ivanti
Status
Workspace Control
Vendor
CVE Published:
15 October 2018

Summary

An exploit was found in Ivanti Workspace Control versions prior to 10.3.10.0 and RES One Workspace, allowing a local authenticated user to bypass application whitelisting measures. This vulnerability can be exploited through various unspecified attack vectors, enabling the execution of arbitrary code and potentially compromising the integrity and security of the affected systems.

References

http://seclists.org/fulldisclosure/2018/Oct/4
mailing-listx_refsource_FULLDISC
https://community.ivanti.com/docs/DOC-69684
x_refsource_CONFIRM
http://packetstormsecurity.com/files/149614/Ivanti-Worksp...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.