Lucene search

[email protected]CVE-2019-10885

HistoryApr 05, 2019 - 5:29 p.m.

CVE-2019-10885

2019-04-0517:29:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2019-10885

ivanti workspace control

security bypass

local users

session context

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.

Affected configurations

NVD

Node

ivantiworkspace_controlRange<10.3.90.0

CPENameOperatorVersion
ivanti:workspace_controlivanti workspace controllt10.3.90.0

CPE	Name	Operator	Version
ivanti:workspace_control	ivanti workspace control	lt	10.3.90.0

References

packetstormsecurity.com/files/156792/Ivanti-Workspace-Manager-Security-Bypass.html

community.ivanti.com/docs/DOC-74552

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-10885

nvd1 cvelist1 zdt1 prion1 packetstorm1