Security Bypass in Ivanti Workspace Control by Local Authenticated Users
CVE-2019-10885

7.8HIGH

Key Information:

Vendor: Ivanti
Status: Workspace Control
Vendor: CVE Published:; 5 April 2019

What is CVE-2019-10885?

A vulnerability exists in Ivanti Workspace Control prior to version 10.3.90.0, where local authenticated users with limited privileges can exploit the system by resetting the session context. This action permits them to circumvent security features implemented for the session, potentially compromising the security of the application and the data it handles. It exposes the system to manipulation and unauthorized actions by users who should otherwise be restricted.

References

https://community.ivanti.com/docs/DOC-74552

x_refsource_MISC

http://packetstormsecurity.com/files/156792/Ivanti-Worksp...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 5, 2019
Vulnerability Reserved
Apr 5, 2019