SailPoint IdentityIQ 安全漏洞

SailPoint IdentityIQ is a security software developed by SailPoint Corporation. It provides credit monitoring, identity protection, and antivirus features. SailPoint IdentityIQ has a security vulnerability that stems from allowing authenticated identity roles to edit role definitions without havi...

CVE-2026-4857 SailPoint IdentityIQ Debug UI Incorrect Authorization

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...

CVE-2026-4857 SailPoint IdentityIQ Debug UI Incorrect Authorization

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...

SailPoint IdentityIQ 安全漏洞

SailPoint IdentityIQ is a complete solution from SailPoint that utilizes artificial intelligence and machine learning to enable seamless automated provisioning. A security vulnerability exists in SailPoint IdentityIQ that stems from the fact that certain IdentityIQ Web services can set the...

EUVD-2019-4467

Malware in sbrugna...

🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do

Do you know how many AI agents are running inside your business right now? If the answer is "not sure," you're not alone—and that's exactly the concern. Across industries, AI agents are being set up every day. Sometimes by IT, but often by business units moving fast to get results. That means...

CVE-2019-12889

An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must...

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management IAM software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905 , has a CVSS score of 10.0, indicating maximum severit...

SailPoint IdentityIQ 安全漏洞

SailPoint IdentityIQ is a security software from SailPoint, Inc. which provides credit monitoring, identity insurance, and antivirus. A security vulnerability exists in SailPoint IdentityIQ that originates from allowing HTTP access to static content in the application catalog that should be...

CVE-2024-3317 SailPoint Identity Security Cloud Improper Access Control

An improper access control was identified in the Identity Security Cloud ISC message server API that allowed an authenticated user to exfiltrate job processing metadata opaque messageIDs, work queue depth and counts for other tenants...

CVE-2024-3318 SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability

A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file“ attribute, which in turn allowed the user to access files uploaded for other sources...

CVE-2024-3319 Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints

An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...

CVE-2024-3319 Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints

An issue was identified in the Identity Security Cloud ISC Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...

SailPoint Identity Security Cloud 安全漏洞

SailPoint Identity Security Cloud is a secure identity platform from SailPoint, Inc. A security vulnerability exists in SailPoint Identity Security Cloud that stems from the presence of incorrect access controls that allow authenticated users to disclose job processing metadata from other tenants...

SailPoint Identity Security Cloud 安全漏洞

SailPoint Identity Security Cloud is a secure identity platform from SailPoint, Inc. A security vulnerability exists in SailPoint Identity Security Cloud that stems from allowing authenticated administrators to execute user-defined templates as part of an attribute transformation, allowing remote...

PT-2024-19297

Name of the Vulnerable Software and Affected Versions SailPoint IdentityIQ affected versions not specified Description The issue is a path traversal vulnerability in JavaServer Faces JSF that allows access to arbitrary files in the application server file system. This can be exploited by an...

SailPoint IdentityIQ Security Vulnerability

SailPoint IdentityIQ is a security software from SailPoint, Inc. which provides credit monitoring, identity insurance, and antivirus. A security vulnerability exists in SailPoint IdentityIQ Lifecycle Manager that stems from improperly limiting parameter values...

CVE-2023-32217 SailPoint IdentityIQ Unsafe use of Reflection Vulnerability

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...

CVE-2023-32217 SailPoint IdentityIQ Unsafe use of Reflection Vulnerability

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...

CVE-2022-46835 SailPoint IdentityIQ JavaServer File Path Traversal Vulnerability

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due t...