PT-2023-15067 · SailPoint · SailPoint IdentityIQ
Published: 2023-01-31 · Updated: 2023-02-08
CVE-2022-46835
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SailPoint IdentityIQ versions 8.0 through 8.0p5
SailPoint IdentityIQ versions 8.1 through 8.1p6
SailPoint IdentityIQ versions 8.2 through 8.2p4
SailPoint IdentityIQ versions 8.3 through 8.3p1
Description
The issue allows access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20.
Recommendations
For SailPoint IdentityIQ versions 8.0 through 8.0p5, update to version 8.0p6 or later.
For SailPoint IdentityIQ versions 8.1 through 8.1p6, update to version 8.1p7 or later.
For SailPoint IdentityIQ versions 8.2 through 8.2p4, update to version 8.2p5 or later.
For SailPoint IdentityIQ versions 8.3 through 8.3p1, update to version 8.3p2 or later.
Fix
Path traversal
Affected Products
JavaServer Faces
SailPoint IdentityIQ