CVE-2024-2227

Опубликовано: 22 мар. 2024

Источник: nvd

CVSS3: 10

CVSS3: 7.5

EPSS Низкий

Описание

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227.

Ссылки

https://www.sailpoint.com/security-advisories/
Vendor Advisory
https://www.sailpoint.com/security-advisories/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sailpoint:identityiq:*:*:*:*:*:*:*:*

Версия до 8.1 (исключая)

cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.1:patch6:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.2:patch5:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.3:patch2:*:*:*:*:*:*

cpe:2.3:a:sailpoint:identityiq:8.4:-:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00609

Низкий

10 Critical

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-84w8-jv98-6r25

CVSS3: 10

github

почти 2 года назад

EPSS

Процентиль: 69%

0.00609

Низкий

10 Critical

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22