CVE-2022-46835Path Traversal in Identityiq

CWE-22Path Traversal4 documents4 sources
Severity
7.5HIGHNVD
CNA6.5
EPSS
0.5%
top 34.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sailpoint Identityiq
Timeline
PublishedJan 31
Latest updateJul 8

Description

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5sailpoint/identityiq8.38.3p1+3
NVDsailpoint/identityiq4 versions+3

🔴Vulnerability Details

2
CVEList
SailPoint IdentityIQ JavaServer File Path Traversal Vulnerability2023-01-31
GHSA
GHSA-rhj5-wv7v-f365: IdentitylQ 82023-01-31

📋Vendor Advisories

1
Microsoft
GitHub: CVE-2025-46835 Git File Overwrite Vulnerability2025-07-08
CVE-2022-46835 — Path Traversal in Sailpoint Identityiq | cvebase