CVE-2019-10885

EUVD-2019-2607
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
ivantiworkspace_control
𝑥
< 10.3.90.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/156792/Ivanti-Workspace-Manager-Security-Bypass.html
https://community.ivanti.com/docs/DOC-74552
http://packetstormsecurity.com/files/156792/Ivanti-Workspace-Manager-Security-Bypass.html
https://community.ivanti.com/docs/DOC-74552