← voltar
CVE-2023-32217

SailPoint IdentityIQ Unsafe use of Reflection Vulnerability

CVSS 9 CRITICALEPSS 0.6%CWE-470
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
SailPoint · IdentityIQ

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/