Skip to main content

Incorrect Default Permissions

CVE-2019-19675

Severity Medium
Score 4.4/10

Summary

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked.

  • MEDIUM
  • LOCAL
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

  • Published