PT-2023-14664 · Sailpoint · Identityiq

Published 2023-01-31 · Updated 2026-05-14 · CVE-2022-45435

CVSS v3.1: 6.8 Medium

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

IdentityIQ versions 8.3 through 8.3p1
IdentityIQ versions 8.2 through 8.2p4
IdentityIQ versions 8.1 through 8.1p6
IdentityIQ versions 8.0 through 8.0p5
IdentityIQ versions prior to 8.0

Description

The issue allows authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.

Recommendations

For IdentityIQ versions 8.3 through 8.3p1, update to version 8.3p2 or later.
For IdentityIQ versions 8.2 through 8.2p4, update to version 8.2p5 or later.
For IdentityIQ versions 8.1 through 8.1p6, update to version 8.1p7 or later.
For IdentityIQ versions 8.0 through 8.0p5, update to version 8.0p6 or later.
For IdentityIQ versions prior to 8.0, update to version 8.0p6 or later.

As a temporary workaround, consider restricting the SetIdentityForwarding right to minimize the risk of exploitation.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-45435

Affected Products

Identityiq