Insecure Storage of Sensitive Information in Ivanti Workspace Control
CVE-2022-21823

5.5MEDIUM

Key Information:

Vendor: Ivanti
Status: Ivanti Workspace Control
Vendor: CVE Published:; 10 January 2022

Summary

An insecure storage of sensitive information vulnerability has been identified in Ivanti Workspace Control prior to version 2021.2 (10.7.30.0). This security flaw permits a locally authenticated user with low privileges to access key information that should be protected. The exposure of this information may lead to potential data breaches or further exploitation, emphasizing the need for timely updates and proper configuration to enhance security measures.

Affected Version(s)

Ivanti Workspace Control 2021.2 (10.7.30.0)

References

https://forums.ivanti.com/s/article/A-locally-authenticat...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2022
Vulnerability Reserved
Dec 10, 2021