Lucene search

SailPointCVELIST:CVE-2024-3318

HistoryMay 15, 2024 - 3:49 p.m.

CVE-2024-3318 SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability

2024-05-1515:49:36

CWE-22

SailPoint

www.cve.org

cve-2024-3318

file path traversal

delimitedfileconnector

cloud connector

administrator

attribute

file access

4.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.7%

JSON

A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Identity Security Cloud",
    "vendor": "SailPoint",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.sailpoint.com/security-advisories/

4.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.7%

JSON

Related for CVELIST:CVE-2024-3318