CVE-2024-44107

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.

Published: Sep 10, 2024
Updated: Jun 13, 2025
CVE: CVE-2024-44107
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-427

Affected Software
References

Software	From	Fixed in
ivanti / workspace_control	-	10.18.99.0

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC

Vulnerability Database

291,049

CVE-2024-44107