CVE-2019-10885

{"id": "CVE-2019-10885", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-04-05T17:29:00.337", "references": [{"url": "http://packetstormsecurity.com/files/156792/Ivanti-Workspace-Manager-Security-Bypass.html", "source": "cve@mitre.org"}, {"url": "https://community.ivanti.com/docs/DOC-74552", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/156792/Ivanti-Workspace-Manager-Security-Bypass.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://community.ivanti.com/docs/DOC-74552", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context."}, {"lang": "es", "value": "Se ha descubierto un problema en Ivanti Workspace Control en versiones anteriores a la 10.3.90.0. Los usuarios locales autenticados con bajos privilegios en una sesi\u00f3n gestionada de Workspace Control pueden omitir las funcionalidades de seguridad de Workspace Control configuradas para esta sesi\u00f3n restableciendo el contexto de la misma."}], "lastModified": "2024-11-21T04:20:02.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:workspace_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D369C44-DA58-4496-81B1-F252AA85CCE7", "versionEndExcluding": "10.3.90.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}