← back
CVE-2022-46835

SailPoint IdentityIQ JavaServer File Path Traversal Vulnerability

CVSS 8.8 HIGHEPSS 0.9%CWE-22
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
SailPoint · IdentityIQ

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.sailpoint.com/security-advisories/sailpoint-identityiq-file-traversal-vulnerability-cve-2022-46835/