11/12/2017
5/8/2024
CVE-2017-11463
First published: Mon Dec 11 2017 (Updated: )
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ivanti Endpoint Manager | =2016.4 | |
Ivanti Endpoint Manager | =2017.1 | |
Ivanti Endpoint Manager | =2017.3 | |
Frequently Asked Questions
What is the vulnerability ID of this Ivanti Service Desk vulnerability?
The vulnerability ID is CVE-2017-11463.
What is the severity rating of CVE-2017-11463?
The severity rating of CVE-2017-11463 is 8.8 (high).
Which versions of Ivanti Service Desk are affected by CVE-2017-11463?
Ivanti Service Desk versions between 2016.3 and 2017.3 are affected by CVE-2017-11463.
What is the impact of CVE-2017-11463?
CVE-2017-11463 allows a normal user to reference/update objects belonging to other users.
How can I fix CVE-2017-11463 in Ivanti Service Desk?
To fix CVE-2017-11463 in Ivanti Service Desk, you should apply the recommended patches or updates provided by Ivanti.