CVE-2017-11463

CVSS Severity Score: 8.8 (HIGH)
EPSS Score: 0.2000%
EPSS Percentile: 13.48th
Published: Dec 11, 2017
Last Modified: May 13, 2026

Vulnerability Description

In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.

Affected Platforms (CPE)

Ivanti Endpoint Manager = 2016.4
Ivanti Endpoint Manager = 2017.1
Ivanti Endpoint Manager = 2017.3