CVE-2019-10885

An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
ivantiworkspace_control
𝑥
< 10.3.90.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/156792/Ivanti-Workspace-Manager-Security-Bypass.html
https://community.ivanti.com/docs/DOC-74552
http://packetstormsecurity.com/files/156792/Ivanti-Workspace-Manager-Security-Bypass.html
https://community.ivanti.com/docs/DOC-74552