Lucene search

K
cvelistSailPointCVELIST:CVE-2024-1714
HistoryFeb 21, 2024 - 4:57 p.m.

CVE-2024-1714 Access Request for Entitlement Values with Leading/Trailing Whitespace

2024-02-2116:57:19
CWE-20
SailPoint
www.cve.org
cve
identityiq
lifecycle manager
access request
entitlement values
whitespace
authenticated user

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "IdentityIQ",
    "vendor": "SailPoint",
    "versions": [
      {
        "lessThan": "8.2p7",
        "status": "affected",
        "version": "8.2",
        "versionType": "semver"
      },
      {
        "lessThan": "8.3p4",
        "status": "affected",
        "version": "8.3",
        "versionType": "semver"
      },
      {
        "lessThan": "8.4p1",
        "status": "affected",
        "version": "8.4",
        "versionType": "semver"
      }
    ]
  }
]

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-1714