CVE-2024-1714 — Improper Input Validation in Identityiq

CWE-20 — Improper Input Validation2 documents2 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 77.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sailpoint Identityiq

Timeline

PublishedFeb 21

Description

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:LExploitability: 1.3 | Impact: 5.3

Affected Packages2 packages

▶CVEListV5sailpoint/identityiq8.2 — 8.2p7+2

▶NVDsailpoint/identityiq4 versions+3

🔴Vulnerability Details

CVEList

Access Request for Entitlement Values with Leading/Trailing Whitespace↗2024-02-21

▶