IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HSailpoint Identityiq
APPSailpoint8.08.18.28.3
Powiązane podatności
SailPoint IdentityIQ — nieautoryzowany dostęp do chronionych zasobów statycznych
Path Traversal w SailPoint IdentityIQ — dostęp do dowolnych plików serwera
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the request...
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch level...
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a t...