CVE-2024-2228 — Improper Privilege Management in Identityiq

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGHNVD

CNA7.1

EPSS

0.2%

top 56.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sailpoint Identityiq

Timeline

PublishedMar 22

Description

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sailpoint/identityiq8.1 — 8.1p7+3

▶NVDsailpoint/identityiq< 8.1+4

🔴Vulnerability Details

CVEList

IdentityIQ Authorization of QuickLink Target Identities Vulnerability↗2024-03-22

▶

GHSA

GHSA-wv97-q48c-w5m2: This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickL↗2024-03-22

▶