CVE-2023-32217
SailPoint IdentityIQ Unsafe use of Reflection Vulnerability
CVSS Score
9.0
EPSS Score
0.0%
EPSS Percentile
0th
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6Β allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.
| CWE | CWE-470 |
| Vendor | sailpoint |
| Product | identityiq |
| Published | May 31, 2023 |
| Last Updated | Jan 10, 2025 |
Stay Ahead of the Next One
Get instant alerts for sailpoint identityiq
Be the first to know when new critical vulnerabilities affecting sailpoint identityiq are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
SailPoint / IdentityIQ
8.3 β€ 8.3p2 8.2 β€ 8.2p5 8.1 β€ 8.1p6 8.0 β€ 8.0p5
References
Credits
π Recurity Labs GmbH