CVE-2023-32217

Published Jun 5, 2023

Last updated a year ago

CVSS high 8.8

Overview

Description: IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.
Source: psirt@sailpoint.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-470
psirt@sailpoint.com: CWE-470

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "331C62A4-620B-483A-87A6-9AA51679AF92"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C84FC633-5B3C-4A40-A588-EF3AF509BBE9"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6080940F-819D-468F-90B7-D1E135020777"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E018B45E-96CF-45C2-B405-3AFCC683BF9C"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE18C753-3EE9-49C4-A99F-4429E0B20A1A"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00C8E5FB-5B6D-4C1B-AEFE-C884B28392D8"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "216615A8-0E21-4597-871C-AC121BF0E150"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35ECC22F-B2A2-4750-B995-2944F12C1BFF"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9ECEF57B-DA34-402A-86F0-713A3683A172"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1815D4C7-50FC-45DA-8130-E9258CAFBD09"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F784765E-8B3C-4F96-B57A-E6E7AECE628C"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "224129BF-667F-4F6A-8E9A-15390F6FA3D5"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A8C2668-C1F1-4A67-A2B3-99B5746C6A52"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9D91EB5-EC8E-4200-9245-13E37312343D"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63352C53-ADD8-49CD-B9E6-648183BDED68"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1173CC53-CBE5-450C-96BF-8583D1B3D185"
          },
          {
            "criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C0F5E55-5D33-425F-9DA7-49FE66CD84C4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References