Cross site request forgery (csrf)

2024-02-2117:15:00

PRIOn knowledge base

www.prio-n.com

cross site request forgery

identityiq lifecycle manager

entitlement

leading whitespace

trailing whitespace

access request

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.

References

www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/