CVE-2021-36235

7.8HIGH

Key Information:

Vendor: Ivanti
Status: Workspace Control
Vendor: CVE Published:; 1 September 2021

Summary

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.

References

https://forums.ivanti.com/s/article/A-locally-authenticat...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 1, 2021
Vulnerability Reserved
Jul 8, 2021

Collectors

NVD DatabaseMitre Database