Identityiq
CVE-2024-1714
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
Primary rating from Vendor (sailpoint) · only source for this CVE.
CVSS VectorVendor: sailpoint
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.
AnalysisAI
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request. Affected products include: Sailpoint Identityiq.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Identityiq
View allIdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, Identity
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, Identity
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prio
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assi
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulner
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels includin
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today