CVE-2024-2227

IdentityIQ (SailPoint) is affected by a JavaServer Faces path traversal vulnerability (JSF 2.2.20) that allows reading arbitrary files from the application server filesystem. Root cause: path traversal in JSF 2.2.20, as described in CVE-2020-6950 lineage. Affected IdentityIQ versions include 8.3 ...