Lucene search

SailPointCVELIST:CVE-2024-3317

HistoryMay 15, 2024 - 3:55 p.m.

CVE-2024-3317 SailPoint Identity Security Cloud Improper Access Control

2024-05-1515:55:07

CWE-1284

SailPoint

www.cve.org

improper access control

isc api

user exfiltration

job processing metadata

authenticated user

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Identity Security Cloud",
    "vendor": "SailPoint",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.sailpoint.com/security-advisories/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-3317