Major Release 2025.2 (10.19.0.0)
Bug Fixes
The following security issues have been resolved in this release:
|
Problem ID |
Title |
| CVE-2024-8012 | An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. |
|
CVE-2024-44103 |
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. |
|
CVE-2024-44104 |
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-44105 | Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. . |
| CVE-2024-44106 | Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. |
|
CVE-2024-44107 |
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. |
This release includes all fixes from version 10.18.60.0 and earlier.