Learn about CVE-2017-11463, a vulnerability in Ivanti Service Desk versions 2016.3 to 2017.3 allowing unauthorized access to objects. Find mitigation steps and prevention measures here.
A vulnerability known as Unrestricted Direct Object Reference in Ivanti Service Desk (previously LANDESK Management Suite) versions 2016.3 to 2017.3 allows unauthorized users to access and modify objects belonging to other users.
Understanding CVE-2017-11463
This CVE involves a security flaw in Ivanti Service Desk that enables users to manipulate objects not assigned to them, potentially compromising sensitive data.
What is CVE-2017-11463?
In Ivanti Service Desk versions 2016.3 through 2017.3, the Unrestricted Direct Object Reference vulnerability lets a user reference or update objects that do not belong to them, resulting in unauthorized access and modification.
The Impact of CVE-2017-11463
This vulnerability allows regular users to retrieve sensitive information and make unauthorized changes to objects throughout the service desk platform.
Technical Details of CVE-2017-11463
Ivanti Service Desk vulnerability details and exploitation mechanisms.
Vulnerability Description
The flaw in Ivanti Service Desk versions 2016.3 to 2017.3 lets a user submit a request that names a target user in the HTTP payload; the application responds with a key or token for that user, which can then be used in later requests to access or modify objects that are not the requester's own.
Affected Systems and Versions
Exploitation Mechanism
A user can send requests to specific URIs carrying a target user's details and thereby access and modify objects such as user profiles, tickets, and incidents that belong to that user.
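The authorization mistake behind this class of flaw, modelled as an added Python example that is not Ivanti's code: a token lookup that trusts a client-supplied username in the payload, beside one that takes the subject from the authenticated session and an ownership check applied on every object update. The user store, request shape and field names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data standing in for the application's user store:
# each user has a session token and a profile object they own.
TOKENS = {"alice": "tok-alice-1", "bob": "tok-bob-9"}
PROFILES = {"alice": {"email": "alice@example.test"},
            "bob": {"email": "bob@example.test"}}


@dataclass
class Request:
    session_user: str                            # identity the server derived from the session
    payload: dict = field(default_factory=dict)  # client-controlled request body


def get_token_vulnerable(req: Request) -> str:
    """Insecure: the subject is taken from the client-supplied 'username' field,
    so any authenticated user can obtain another user's token by naming them."""
    subject = req.payload.get("username", req.session_user)
    return TOKENS[subject]


def get_token_fixed(req: Request) -> str:
    """Secure: the subject is the authenticated session user; the payload's
    'username' plays no part in the decision."""
    return TOKENS[req.session_user]


def is_owner(req: Request, object_owner: str) -> bool:
    """Server-side ownership check applied to every object access, so a
    reference to another user's object is rejected regardless of payload."""
    return req.session_user == object_owner


def update_profile(req: Request) -> dict:
    """Updates a profile only when the authenticated user owns it."""
    owner = req.payload["username"]
    if not is_owner(req, owner):
        raise PermissionError(f"{req.session_user!r} may not modify {owner!r}")
    PROFILES[owner].update(req.payload.get("changes", {}))
    return PROFILES[owner]
```

The same pattern applies to tickets and incidents: resolve the owner from the server-side session or from the object's stored owner field, never from a name the client sends.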
Mitigation and Prevention
Steps to mitigate and prevent the exploitation of CVE-2017-11463.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates