CVE-2017-11463
Ivanti Service Desk (LANDESK Management Suite) 2016.3–2017.3 has an Unrestricted Direct Object Reference allowing normal users to reference/update objects belonging to others by sending a URI with a target username, enabling retrieval of keys/tokens to access user profiles, tickets, incidents, et...