CVE-2017-11463 - OpenCVE

In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ivanti	Endpoint Manager

Configuration 1 [-]

OR	cpe:2.3:a:ivanti:endpoint_manager:2016.4:::::::*
	cpe:2.3:a:ivanti:endpoint_manager:2017.1:::::::*
	cpe:2.3:a:ivanti:endpoint_manager:2017.3:::::::*

No data.

References

Link	Providers
https://community.ivanti.com/docs/DOC-66252
https://gist.github.com/lazyhack3r/439e92419c552b5dc82b2f5e832c8bfb

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-11T06:00:00

Updated: 2024-08-05T18:12:39.572Z

Reserved: 2017-07-19T00:00:00

Link: CVE-2017-11463

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-12-11T06:29:00.223

Modified: 2018-03-28T01:29:06.857

Link: CVE-2017-11463

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-11T00:00:00", "descriptions": [{"lang": "en", "value": "In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-27T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/lazyhack3r/439e92419c552b5dc82b2f5e832c8bfb"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://community.ivanti.com/docs/DOC-66252"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11463", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gist.github.com/lazyhack3r/439e92419c552b5dc82b2f5e832c8bfb", "refsource": "MISC", "url": "https://gist.github.com/lazyhack3r/439e92419c552b5dc82b2f5e832c8bfb"}, {"name": "https://community.ivanti.com/docs/DOC-66252", "refsource": "CONFIRM", "url": "https://community.ivanti.com/docs/DOC-66252"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:39.572Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/lazyhack3r/439e92419c552b5dc82b2f5e832c8bfb"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://community.ivanti.com/docs/DOC-66252"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11463", "datePublished": "2017-12-11T06:00:00", "dateReserved": "2017-07-19T00:00:00", "dateUpdated": "2024-08-05T18:12:39.572Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2016.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0B26FE2-0C8A-4C51-81CC-90A9C128B0E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2017.1:*:*:*:*:*:*:*", "matchCriteriaId": "41392D7B-D79D-4682-B8D8-0B770FE1C3EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2017.3:*:*:*:*:*:*:*", "matchCriteriaId": "0FA6FEF1-C2E1-438B-A2A4-C4210E6EB3C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc."}, {"lang": "es", "value": "En Ivanti Service Desk (anteriormente LANDESK Management Suite) entre las versiones 2016.3 y 2017.3, una referencia directa a objetos no restringida conduce a la referencia/actualizaci\u00f3n de objetos que pertenecen a otros usuarios. En otras palabras, un usuario normal puede enviar peticiones a un URI espec\u00edfico con el nombre de usuario del usuario objetivo en una carga \u00fatil HTTP para recuperar una clave/token y emplearla para acceder/actualizar objetos pertenecientes a otros usuarios. Dichos objetos podr\u00edan ser perfiles, tickets, incidentes, etc."}], "id": "CVE-2017-11463", "lastModified": "2018-03-28T01:29:06.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-11T06:29:00.223", "references": [{"source": "cve@mitre.org", "url": "https://community.ivanti.com/docs/DOC-66252"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://gist.github.com/lazyhack3r/439e92419c552b5dc82b2f5e832c8bfb"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-275"}], "source": "nvd@nist.gov", "type": "Primary"}]}