PT-2023-15067 · Sailpoint+1 · Sailpoint Identityiq+1

Publicado

2023-01-31

Atualizado

2023-02-08

CVE-2022-46835

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SailPoint IdentityIQ versions 8.0 through 8.0p5 SailPoint IdentityIQ versions 8.1 through 8.1p6 SailPoint IdentityIQ versions 8.2 through 8.2p4 SailPoint IdentityIQ versions 8.3 through 8.3p1

Description The issue allows access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20.

Recommendations For SailPoint IdentityIQ versions 8.0 through 8.0p5, update to version 8.0p6 or later. For SailPoint IdentityIQ versions 8.1 through 8.1p6, update to version 8.1p7 or later. For SailPoint IdentityIQ versions 8.2 through 8.2p4, update to version 8.2p5 or later. For SailPoint IdentityIQ versions 8.3 through 8.3p1, update to version 8.3p2 or later.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2022-46835

Produtos afetados

Javaserver Faces

Sailpoint Identityiq

PT-2023-15067 · Sailpoint+1 · Sailpoint Identityiq+1

CVE-2022-46835

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6