Lucene search

[email protected]NVD:CVE-2024-3317

HistoryMay 15, 2024 - 4:15 p.m.

CVE-2024-3317

2024-05-1516:15:10

CWE-1284

[email protected]

web.nvd.nist.gov

improper access control

identity security cloud

api

authenticated user

exfiltrate

processing metadata

other tenants

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.

References

www.sailpoint.com/security-advisories/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-3317

cvelist1 cve1 vulnrichment1