{"vulnerability": "cve-2024-4410", "sightings": [{"uuid": "36f92b8f-5068-4a1f-88a3-043b0e92c6f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44102", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113470191387600513", "content": "", "creation_timestamp": "2024-11-12T13:21:56.048539Z"}, {"uuid": "2ac431ae-3236-41ac-bd9f-b5d58d249a98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44102", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113470229235884379", "content": "", "creation_timestamp": "2024-11-12T13:31:33.351528Z"}, {"uuid": "d4df57f3-ce4e-44d7-8c49-54b999467173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44102", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-10", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "3e022cd3-ba8b-4744-9e73-de86095ca324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44102", "type": "seen", "source": "Telegram/vx3F3BJMbiZiV8gL1GnrvrtU_2imnhpONtny1JpvzZQ20t4", "content": "", "creation_timestamp": "2025-05-04T05:21:06.000000Z"}, {"uuid": "c98d3ac8-3c86-4b99-8ea3-ee23d22308de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44104", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18208", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44104\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0)  allows a local authenticated attacker to escalate their privileges.\n\ud83d\udccf Published: 2024-09-10T20:41:33.032Z\n\ud83d\udccf Modified: 2025-06-12T17:01:17.730Z\n\ud83d\udd17 References:\n1. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC", "creation_timestamp": "2025-06-12T17:35:09.000000Z"}, {"uuid": "335ca6ff-3b6d-4565-9ea3-0a523bdc0d39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44105", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18209", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44105\n\ud83d\udd25 CVSS Score: 8.2 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0)  allows a local authenticated attacker to obtain OS credentials.\n\ud83d\udccf Published: 2024-09-10T20:43:26.618Z\n\ud83d\udccf Modified: 2025-06-12T16:58:30.314Z\n\ud83d\udd17 References:\n1. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC", "creation_timestamp": "2025-06-12T17:35:09.000000Z"}, {"uuid": "7eaddb66-f608-484b-99f5-1f096601b47f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44107", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18207", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44107\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.\n\ud83d\udccf Published: 2024-09-10T20:47:26.779Z\n\ud83d\udccf Modified: 2025-06-12T17:03:29.008Z\n\ud83d\udd17 References:\n1. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC", "creation_timestamp": "2025-06-12T17:35:08.000000Z"}, {"uuid": "0ecff9c2-0430-4f62-91ff-c7f81c047fe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44103", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18206", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44103\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.\n\ud83d\udccf Published: 2024-09-10T20:39:40.204Z\n\ud83d\udccf Modified: 2025-06-12T17:04:53.415Z\n\ud83d\udd17 References:\n1. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC", "creation_timestamp": "2025-06-12T17:35:07.000000Z"}, {"uuid": "b75aef43-07a7-4871-997e-689a659186d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44106", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18205", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44106\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.\n\ud83d\udccf Published: 2024-09-10T20:45:28.624Z\n\ud83d\udccf Modified: 2025-06-12T17:06:34.123Z\n\ud83d\udd17 References:\n1. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC", "creation_timestamp": "2025-06-12T17:35:06.000000Z"}, {"uuid": "12f1b48a-2d49-4a90-8b15-99190ff802d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44102", "type": "published-proof-of-concept", "source": "https://t.me/ics_cert/962", "content": "\u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0648 \u0646\u0638\u0627\u0631\u062a \u0628\u0631 \u0627\u0634\u06cc\u0627\u0621 \u0631\u0627\u0647 \u062f\u0648\u0631 \u062f\u0631 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u062a\u0644\u0647 \u0645\u062a\u0631\u06cc \u0648 \u062a\u0644\u0647\u200c\u0645\u06a9\u0627\u0646\u06cc\u06a9 TeleControl Server Basic \u0628\u0627 \u0646\u0642\u0635 \u062f\u0631 \u0645\u06a9\u0627\u0646\u06cc\u0633\u0645 deserialization \u0647\u0645\u0631\u0627\u0647 \u0627\u0633\u062a. \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u06a9\u062f \u062f\u0644\u062e\u0648\u0627\u0647 \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a SYSTEM \u0631\u0627 \u0628\u0627 \u0627\u0631\u0633\u0627\u0644 \u0627\u0634\u06cc\u0627\u0621 \u0633\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u062e\u0627\u0635 \u0627\u062c\u0631\u0627 \u06a9\u0646\u062f.\n\n\u200fBDU: 09525-2024\n\u200fCVE-2024-44102\n\n\u0646\u0635\u0628 \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0627\u0632 \u0645\u0646\u0627\u0628\u0639 \u0642\u0627\u0628\u0644 \u0627\u0639\u062a\u0645\u0627\u062f\n\u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u0628\u0647 \u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u062a\u0646\u0647\u0627 \u067e\u0633 \u0627\u0632 \u0627\u0631\u0632\u06cc\u0627\u0628\u06cc \u062a\u0645\u0627\u0645 \u062e\u0637\u0631\u0627\u062a \u0645\u0631\u062a\u0628\u0637 \u0646\u0635\u0628 \u06a9\u0646\u06cc\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u062c\u0628\u0631\u0627\u0646\u06cc:\n- \u062f\u0631 \u0635\u0648\u0631\u062a \u0639\u062f\u0645 \u0627\u0633\u062a\u0641\u0627\u062f\u0647\u060c \u0639\u0645\u0644\u06a9\u0631\u062f \"\u0627\u0636\u0627\u0641\u0647\" \u0631\u0627 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644 \u06a9\u0646\u06cc\u062f.\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0645\u06a9\u0627\u0646\u06cc\u0633\u0645 \u0644\u06cc\u0633\u062a \u0647\u0627\u06cc \"\u0633\u0641\u06cc\u062f\" \u0622\u062f\u0631\u0633 \u0647\u0627\u06cc IP \u0628\u0631\u0627\u06cc \u0633\u0627\u0632\u0645\u0627\u0646\u062f\u0647\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631.\n- \u062a\u0642\u0633\u06cc\u0645 \u0628\u0646\u062f\u06cc \u0634\u0628\u06a9\u0647 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0628\u062e\u0634 \u0635\u0646\u0639\u062a\u06cc \u0627\u0632 \u0632\u06cc\u0631\u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062f\u06cc\u06af\u0631.\n- \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc (\u0627\u06cc\u0646\u062a\u0631\u0646\u062a)\u061b\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0647\u0627\u06cc \u062e\u0635\u0648\u0635\u06cc \u0645\u062c\u0627\u0632\u06cc \u0628\u0631\u0627\u06cc \u0633\u0627\u0632\u0645\u0627\u0646\u062f\u0647\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 (VPN) \u0628\u0647 \u0628\u062e\u0634 \u0635\u0646\u0639\u062a\u06cc.\n- \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u0641\u0627\u06cc\u0631\u0648\u0627\u0644 \u0628\u0631\u0627\u06cc \u0645\u062d\u062f\u0648\u062f \u06a9\u0631\u062f\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631.\n\n\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u0648\u0635\u06cc\u0647 \u0647\u0627\u06cc \u0633\u0627\u0632\u0646\u062f\u0647:\n\u200fhttps://cert-portal.siemens.com/productcert/html/ssa-454789.html\n\n\u26a0\ufe0f\u0628\u06cc\u0627\u0646\u06cc\u0647 \u0633\u0644\u0628 \u0645\u0633\u0626\u0648\u0644\u06cc\u062a\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\ud83d\udc6e\ud83c\udffd\u200d\u2640\ufe0f\u0647\u0631\u06af\u0648\u0646\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648 \u0630\u06a9\u0631 \u0645\u0637\u0627\u0644\u0628 \u0628\u062f\u0648\u0646 \u0630\u06a9\u0631 \u062f\u0642\u06cc\u0642 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u0644\u06cc\u0646\u06a9 \u0622\u0646 \u0645\u0645\u0646\u0648\u0639 \u0627\u0633\u062a. \n\u0627\u062f\u0645\u06cc\u0646:\n\u200fhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u06af\u0631\u0648\u0647 \u0648\u0627\u062a\u0633 \u0622\u067e :\nhttps://chat.whatsapp.com/FpB620AWEeSKvd8U6cFh33", "creation_timestamp": "2024-11-22T08:35:08.000000Z"}, {"uuid": "3b6c03f4-6d41-492c-82fe-a4080462aa61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44102", "type": "seen", "source": "https://t.me/cvedetector/10614", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44102 - Siemens PP TeleControl Server Basic Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-44102 \nPublished : Nov. 12, 2024, 1:15 p.m. | 21\u00a0minutes ago \nDescription : A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T14:41:52.000000Z"}, {"uuid": "63c43cc0-0e1e-4100-86a1-7027cb9fbc0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44103", "type": "seen", "source": "https://t.me/cvedetector/5313", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44103 - Ivanti Workspace Control DLL Hijacking Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-44103 \nPublished : Sept. 10, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T00:17:27.000000Z"}, {"uuid": "b662f3d6-51f4-4d6f-b3ad-7579094229b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44104", "type": "seen", "source": "https://t.me/cvedetector/5312", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44104 - Ivanti Workspace Control Privilege Escalation Spoofing\", \n  \"Content\": \"CVE ID : CVE-2024-44104 \nPublished : Sept. 10, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T00:17:26.000000Z"}, {"uuid": "333345b0-f6c1-4be9-ad99-81768905ae9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44105", "type": "seen", "source": "https://t.me/cvedetector/5311", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44105 - Ivanti Workspace Control Unsecured Management Console Credentials Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-44105 \nPublished : Sept. 10, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T00:17:22.000000Z"}, {"uuid": "2021d0aa-0868-4c08-a476-76849d4cc722", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44107", "type": "seen", "source": "https://t.me/cvedetector/5310", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44107 - Ivanti Workspace Control DLL Hijacking Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-44107 \nPublished : Sept. 10, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T00:17:21.000000Z"}, {"uuid": "63796841-8814-4e4f-a41d-228c1f2dbed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44106", "type": "seen", "source": "https://t.me/cvedetector/5306", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44106 - Ivanti Workspace Control Server-Side Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-44106 \nPublished : Sept. 10, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-11T00:17:15.000000Z"}, {"uuid": "bcac1b0d-fb42-4586-a94f-29385adccb8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4410", "type": "seen", "source": "https://t.me/cvedetector/1746", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-4410 - IgnitionDeck WordPress Crowdfunding Platform Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-4410 \nPublished : July 27, 2024, 2:15 a.m. | 31\u00a0minutes ago \nDescription : The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-27T04:55:05.000000Z"}, {"uuid": "62fcb4af-2a29-4dcb-8f9e-d353b9b699a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44102", "type": "seen", "source": "https://t.me/ZeroEthical_Course/2039", "content": "\u2194\ufe0fCVE-2024-44102 \nSiemens PP TeleControl Server Basic Remote Code Execution\n\n\ud83d\udd34Description : A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. \nSeverity: 10.0 | CRITICAL", "creation_timestamp": "2024-11-12T16:19:16.000000Z"}, {"uuid": "e45de55b-771d-41f7-bae1-bf3668d59b98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44102", "type": "seen", "source": "https://t.me/Databreachofficial1/427", "content": "CVE-2024-44102 \nSiemens PP TeleControl Server Basic Remote Code Execution\n\nDescription : A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. \nSeverity: 10.0 | CRITICAL", "creation_timestamp": "2024-11-28T13:30:47.000000Z"}]}