Lucene search

SailPointCVELIST:CVE-2024-1714

HistoryFeb 21, 2024 - 4:57 p.m.

CVE-2024-1714 Access Request for Entitlement Values with Leading/Trailing Whitespace

2024-02-2116:57:19

CWE-20

SailPoint

www.cve.org

cve

identityiq

lifecycle manager

access request

entitlement values

whitespace

authenticated user

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "IdentityIQ",
    "vendor": "SailPoint",
    "versions": [
      {
        "lessThan": "8.2p7",
        "status": "affected",
        "version": "8.2",
        "versionType": "semver"
      },
      {
        "lessThan": "8.3p4",
        "status": "affected",
        "version": "8.3",
        "versionType": "semver"
      },
      {
        "lessThan": "8.4p1",
        "status": "affected",
        "version": "8.4",
        "versionType": "semver"
      }
    ]
  }
]

References

www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-1714