📦 Drivelock

An authentication misconfiguration in DriveLock Enterprise Service (DES) allows attackers to impersonate any DriveLock agent on the network. This affects DriveLock tenants running versions 24.1 throug...

A privilege escalation vulnerability in DriveLock allows users with 'Manage roles and permissions' privilege to promote themselves or other users to Supervisor role via API. This affects cloud multi-t...

A Cross-Site Scripting (XSS) vulnerability in DriveLock Operations Center versions 25.1.2 through 25.1.4 allows attackers to inject malicious scripts into web pages. This can lead to session hijacking...

This vulnerability allows local unprivileged users on Windows systems to manipulate privileged DriveLock processes, enabling privilege escalation. Attackers can gain higher privileges than intended, p...

This vulnerability in DriveLock allows attackers to gain elevated privileges, potentially leading to full system compromise. It affects DriveLock versions 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, a...

An unprivileged user can cause a Blue Screen of Death (BSOD) on Windows computers running vulnerable DriveLock versions by sending a specific IOCTL with an unterminated string. This affects DriveLock ...

A local privilege escalation vulnerability in DriveLock allows unprivileged Windows users to manipulate DriveLock processes and execute arbitrary commands with elevated privileges. This affects DriveL...

DriveLock agent versions 24.1-24.2.7 and 25.1-25.1.5 create directories and files with overly permissive access control lists (ACLs). This allows local non-administrator users to trigger unauthorized ...

This vulnerability allows authenticated users of DriveLock to retrieve the computer count of other tenants via the API, potentially exposing organizational information. It affects DriveLock versions 2...