IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HSailpoint Identityiq
APPSailpoint8.08.18.28.3
Related vulnerabilities
SailPoint IdentityIQ — nieautoryzowany dostęp do chronionych zasobów statycznych
Path Traversal w SailPoint IdentityIQ — dostęp do dowolnych plików serwera
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the request...
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch level...
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a t...