Lucene search

SailPointVULNRICHMENT:CVE-2024-3317

HistoryMay 15, 2024 - 3:55 p.m.

CVE-2024-3317 SailPoint Identity Security Cloud Improper Access Control

2024-05-1515:55:07

CWE-1284

SailPoint

github.com

improper access control

sailpoint

identity security cloud

api

exfiltration

authenticated user

tenants

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Identity Security Cloud",
    "vendor": "SailPoint",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.sailpoint.com/security-advisories/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for VULNRICHMENT:CVE-2024-3317