CVE-2018-15593
First published: Mon Oct 15 2018(Updated: )
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Workspace Control | <10.3.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/149616/Ivanti-Workspace-Control-Registry-Stored-Credentials.html
- http://seclists.org/fulldisclosure/2018/Oct/3
- https://community.ivanti.com/docs/DOC-69693
- https://seclists.org/bugtraq/2018/Oct/5
- https://www.securify.nl/en/advisory/SFY20180804/stored-credentials-ivanti-workspace-control-can-be-retrieved-from-registry.html
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-15593.
What is the severity of CVE-2018-15593?
The severity of CVE-2018-15593 is high with a severity value of 7.8.
Which software is affected by CVE-2018-15593?
Ivanti Workspace Control versions up to 10.3.10.0 and RES One Workspace are affected by CVE-2018-15593.
How does CVE-2018-15593 impact users?
A local authenticated user can decrypt the encrypted datastore or relay server password through an unspecified attack vector.
Is there a fix available for CVE-2018-15593?
Yes, Ivanti Workspace Control version 10.3.10.0 and above address the vulnerability.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ivanti
- canonical/ivanti workspace control