CVE-2024-3317

An improper access control was identified in the Identity Security Cloud ISC message server API that allowed an authenticated user to exfiltrate job processing metadata opaque messageIDs, work queue depth and counts for other tenants...

CVE-2024-3319

An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...

CVE-2024-3319

An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...

CVE-2024-3317

An improper access control was identified in the Identity Security Cloud ISC message server API that allowed an authenticated user to exfiltrate job processing metadata opaque messageIDs, work queue depth and counts for other tenants...

CVE-2024-3317 SailPoint Identity Security Cloud Improper Access Control

An improper access control was identified in the Identity Security Cloud ISC message server API that allowed an authenticated user to exfiltrate job processing metadata opaque messageIDs, work queue depth and counts for other tenants...

CVE-2024-3317

CVE-2024-3317 involves SailPoint Identity Security Cloud (ISC) message server API showing improper access control. An authenticated user can exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants. This is described across multiple sources (NVD, Red H...

CVE-2024-3319

CVE-2024-3319 affects SailPoint Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints. An authenticated administrator could execute user-defined templates as part of attribute transforms, enabling remote code execution on the host. Root cause: templating code e...

SailPoint Identity Security Cloud 安全漏洞

SailPoint Identity Security Cloud is a secure identity platform from SailPoint, Inc. A security vulnerability exists in SailPoint Identity Security Cloud that stems from allowing authenticated administrators to execute user-defined templates as part of an attribute transformation, allowing remote...

PT-2024-25145 · Sailpoint · Sailpoint Identity Security Cloud

Name of the Vulnerable Software and Affected Versions: SailPoint Identity Security Cloud affected versions not specified Description: An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator ...

PT-2024-25140 · Unknown · Identity Security Cloud

Name of the Vulnerable Software and Affected Versions: Identity Security Cloud ISC affected versions not specified Description: An issue was found in the Identity Security Cloud ISC message server API, related to improper access control. This allowed an authenticated user to access job processing...