CVE-2023-32217

Опубликовано: 05 июн. 2023

Источник: nvd

CVSS3: 9

CVSS3: 8.8

EPSS Низкий

Описание

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sailpoint:identityiq:8.0:-:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.0:patch1:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.0:patch2:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.0:patch3:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.0:patch4:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00603

Низкий

9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-470

Связанные уязвимости

GHSA-hq36-j573-g8vp

CVSS3: 9

github

больше 2 лет назад

EPSS

Процентиль: 69%

0.00603

Низкий

9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-470