Primary

Context

Ivanti Workspace Control Hardcoded Key Vulnerability Allowing Decryption of SQL Credentials

Vulnerability

Patched

A vulnerability exists in Ivanti Workspace Control versions prior to 10.19.0.0, where a hardcoded key allows local authenticated attackers to decrypt stored SQL credentials. This vulnerability could lead to unauthorized access to sensitive database information.

Impact

Exploitation of this vulnerability could result in the decryption of SQL credentials, potentially allowing unauthorized access to databases and the information they contain.

Remediation

Users can upgrade to Ivanti Workspace Control version 10.19.10.0, which addresses this vulnerability. Instructions for migrating to the new IWC architecture are available on the Ivanti help site. Customers who prefer not to upgrade can migrate to Ivanti User Workspace Manager.

Added: Jun 10, 2025, 4:19 PM

Updated: Jun 10, 2025, 4:19 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Workspace Control Hardcoded Key Vulnerability Allowing Decryption of SQL Credentials

Vulnerability

Impact

Remediation

Affected Products

Ivanti Workspace Control

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating