CVE-2022-45435

EPSS 0.22%
Veröffentlicht 31.01.2023 15:15:08
Zuletzt bearbeitet 21.11.2024 07:29:15
Quelle psirt@sailpoint.com
CVE-Watchlists
Login
Unerledigt
Login

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sailpoint ≫ Identityiq Version < 8.0

Sailpoint ≫ Identityiq Version8.0 Update-

Sailpoint ≫ Identityiq Version8.0 Updatepatch1

Sailpoint ≫ Identityiq Version8.0 Updatepatch2

Sailpoint ≫ Identityiq Version8.0 Updatepatch3

Sailpoint ≫ Identityiq Version8.0 Updatepatch4

Sailpoint ≫ Identityiq Version8.0 Updatepatch5

Sailpoint ≫ Identityiq Version8.1 Update-

Sailpoint ≫ Identityiq Version8.1 Updatepatch1

Sailpoint ≫ Identityiq Version8.1 Updatepatch2

Sailpoint ≫ Identityiq Version8.1 Updatepatch3

Sailpoint ≫ Identityiq Version8.1 Updatepatch4

Sailpoint ≫ Identityiq Version8.1 Updatepatch5

Sailpoint ≫ Identityiq Version8.1 Updatepatch6

Sailpoint ≫ Identityiq Version8.2 Update-

Sailpoint ≫ Identityiq Version8.2 Updatepatch1

Sailpoint ≫ Identityiq Version8.2 Updatepatch2

Sailpoint ≫ Identityiq Version8.2 Updatepatch4

Sailpoint ≫ Identityiq Version8.3 Update-

Sailpoint ≫ Identityiq Version8.3 Updatepatch1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.44

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
psirt@sailpoint.com	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-identity-forwarding-vulnerability-cve-2022-45435/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-45435

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45435

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45435

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-45435