IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS).
oryginał ENCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HSailpoint Identityiq
APPSailpoint8.38.48.5< 8.3
Powiązane podatności
SailPoint IdentityIQ — nieautoryzowany dostęp do chronionych zasobów statycznych
Path Traversal w SailPoint IdentityIQ — dostęp do dowolnych plików serwera
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6...
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the request...
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a t...