← back
CVE-2024-3317

SailPoint Identity Security Cloud Improper Access Control

CVSS 6.5 MEDIUMEPSS 0.4%CWE-1284
An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
SailPoint · Identity Security Cloud

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.sailpoint.com/security-advisories/