Identityiq
CVE-2024-2228
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.
AnalysisAI
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. Affected products include: Sailpoint Identityiq.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Identityiq
View allIdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, Identity
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, Identity
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prio
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assi
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulner
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels includin
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today