7.1
CVE-2024-1714
- EPSS 0.34%
- Veröffentlicht 21.02.2024 17:15:09
- Zuletzt bearbeitet 30.09.2025 16:56:44
- Quelle psirt@sailpoint.com
- CVE-Watchlists
- Unerledigt
Access Request for Entitlement Values with Leading/Trailing Whitespace
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sailpoint ≫ Identityiq Version8.1 Update-
Sailpoint ≫ Identityiq Version8.1 Updatepatch1
Sailpoint ≫ Identityiq Version8.1 Updatepatch2
Sailpoint ≫ Identityiq Version8.1 Updatepatch3
Sailpoint ≫ Identityiq Version8.1 Updatepatch4
Sailpoint ≫ Identityiq Version8.1 Updatepatch5
Sailpoint ≫ Identityiq Version8.1 Updatepatch6
Sailpoint ≫ Identityiq Version8.2 Update-
Sailpoint ≫ Identityiq Version8.2 Updatepatch1
Sailpoint ≫ Identityiq Version8.2 Updatepatch2
Sailpoint ≫ Identityiq Version8.2 Updatepatch4
Sailpoint ≫ Identityiq Version8.3 Update-
Sailpoint ≫ Identityiq Version8.3 Updatepatch1
Sailpoint ≫ Identityiq Version8.4 Update-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.26 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.1 | 1.3 | 5.3 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
|
| psirt@sailpoint.com | 7.1 | 1.3 | 5.3 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/