This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227.
The vulnerability results from a path traversal flaw present in the JavaServer Faces (JSF) 2.2.20 library, originally documented in CVE-2020-6950. SailPoint issued earlier patches in May 2021 (ETN IIQSAW-3585) and in January 2024 (IIQFW-336), however CVE-2024-2227 indicates the need for additional changes as part of the remediation. An attacker, without any authentication, can craft an HTTP request containing path traversal sequences to escape the allowed application directory and read server system files.
An attacker can gain unauthorized access to arbitrary operating system files on the server, which may lead to disclosure of sensitive configuration data, credentials, private keys, or other sensitive information. Due to the scope of the vulnerability (high scores for confidentiality, integrity, and availability in CVSS), the impact may include complete takeover of control over the application environment.
Patches available from the vendor should be applied according to the references (https://www.sailpoint.com/security-advisories/). The patch complements earlier remediation measures IIQSAW-3585 (May 2021) and IIQFW-336 (January 2024) and should be installed immediately.
SailPoint IdentityIQ — versions indicated in vendor references (SailPoint Security Advisories)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HSailpoint Identityiq
APPSailpoint8.18.28.38.4< 8.1
Related vulnerabilities
SailPoint IdentityIQ — nieautoryzowany dostęp do chronionych zasobów statycznych
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6...
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the request...
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch level...
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a t...