CRITICAL🇵🇱 Wersja polska

CVE-2023-32217

CVSS 9.0v3.1pub. 2023-06-05upd. 2026-02-25

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Sailpoint Identityiq

    APP
    Sailpoint
    8.08.18.28.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-10905CRITICAL10.0PL ✓ten sam produkt

SailPoint IdentityIQ — nieautoryzowany dostęp do chronionych zasobów statycznych

CVE-2024-2227CRITICAL10.0PL ✓ten sam produkt

Path Traversal w SailPoint IdentityIQ — dostęp do dowolnych plików serwera

CVE-2026-5712HIGH8.0ten sam produkt

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the request...

CVE-2025-10280HIGH7.1ten sam produkt

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch level...

CVE-2024-2228HIGH7.1ten sam produkt

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a t...