CRITICAL🇬🇧 English

CVE-2023-32217

CVSS 9.0v3.1pub. 2023-06-05upd. 2026-02-25

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Sailpoint Identityiq

    APP
    Sailpoint
    8.08.18.28.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-10905CRITICAL10.0PL ✓ten sam produkt

SailPoint IdentityIQ — nieautoryzowany dostęp do chronionych zasobów statycznych

CVE-2024-2227CRITICAL10.0PL ✓ten sam produkt

Path Traversal w SailPoint IdentityIQ — dostęp do dowolnych plików serwera

CVE-2026-5712HIGH8.0ten sam produkt

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the request...

CVE-2025-10280HIGH7.1ten sam produkt

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch level...

CVE-2024-2228HIGH7.1ten sam produkt

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a t...