Sensitive Information Exposure in Ivanti Workspace Control
CVE-2020-11533

5.5MEDIUM

Key Information:

Vendor: Ivanti
Status: Workspace Control
Vendor: CVE Published:; 4 April 2020

Summary

Ivanti Workspace Control versions prior to 10.4.30.0, when integrated with SCCM, have a vulnerability that permits local users with low privileges to extract sensitive keying material. This makes it possible for unauthorized access to critical data components, representing a potential risk for local attackers. Proper mitigation and updates are essential to safeguard sensitive information against this exposure.

References

https://forums.ivanti.com/s/article/A-locally-authenticat...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2020
Vulnerability Reserved
Apr 4, 2020