File and Folder Security Bypass in Ivanti Workspace Control
CVE-2018-15590

5.5MEDIUM

Key Information:

Vendor
Ivanti
Status
Workspace Control
Vendor
CVE Published:
15 October 2018

Summary

A vulnerability exists in Ivanti Workspace Control and RES One Workspace that allows local authenticated users to bypass specified file and folder security restrictions when configured improperly. The risk arises when users exploit an unspecified attack vector to access restricted data, potentially leading to unauthorized file access and data leakage.

References

https://seclists.org/bugtraq/2018/Oct/10
mailing-listx_refsource_BUGTRAQ
https://community.ivanti.com/docs/DOC-69682
x_refsource_CONFIRM
https://www.securify.nl/en/advisory/SFY20180803/ivanti-wo...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.