8.8
CVE-2024-2228
- EPSS 0.21%
- Veröffentlicht 22.03.2024 16:15:09
- Zuletzt bearbeitet 12.11.2025 20:19:38
- Quelle psirt@sailpoint.com
- CVE-Watchlists
- Unerledigt
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Sailpoint ≫ Identityiq Version < 8.1
Sailpoint ≫ Identityiq Version8.1 Updatepatch1
Sailpoint ≫ Identityiq Version8.1 Updatepatch2
Sailpoint ≫ Identityiq Version8.1 Updatepatch3
Sailpoint ≫ Identityiq Version8.1 Updatepatch4
Sailpoint ≫ Identityiq Version8.1 Updatepatch5
Sailpoint ≫ Identityiq Version8.1 Updatepatch6
Sailpoint ≫ Identityiq Version8.2 Update-
Sailpoint ≫ Identityiq Version8.2 Updatepatch1
Sailpoint ≫ Identityiq Version8.2 Updatepatch2
Sailpoint ≫ Identityiq Version8.2 Updatepatch4
Sailpoint ≫ Identityiq Version8.2 Updatepatch5
Sailpoint ≫ Identityiq Version8.3 Update-
Sailpoint ≫ Identityiq Version8.3 Updatepatch1
Sailpoint ≫ Identityiq Version8.3 Updatepatch2
Sailpoint ≫ Identityiq Version8.4 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.434 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@sailpoint.com | 7.1 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.