Local Authenticated User Vulnerability in Ivanti Workspace Control
CVE-2018-15593

7.8HIGH

Key Information:

Vendor
Ivanti
Status
Workspace Control
Vendor
CVE Published:
15 October 2018

Summary

A flaw has been identified in Ivanti Workspace Control that allows a local authenticated user to exploit an unspecified attack vector, enabling them to decrypt sensitive data, such as the datastore or relay server password. This presents a significant security risk, as it could lead to unauthorized access to critical system components and sensitive information. Users are advised to review their system configurations and apply the latest updates to mitigate potential exposure.

References

https://www.securify.nl/en/advisory/SFY20180804/stored-cr...
x_refsource_MISC
http://seclists.org/fulldisclosure/2018/Oct/3
mailing-listx_refsource_FULLDISC
https://seclists.org/bugtraq/2018/Oct/5
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.