Vulnerabilities > CVE-2022-45435 - Incorrect Authorization vulnerability in Sailpoint Identityiq

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

sailpoint

CWE-863

NVD

Published: 2023-01-31

Updated: 2023-02-08

Summary

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.

Vulnerable Configurations

Part	Description	Count
Application	Sailpoint Sailpoint Identityiq 8.3 Sailpoint Identityiq 8.2 Sailpoint Identityiq 8.1 Sailpoint Identityiq 7.1 Sailpoint Identityiq 7.2 Sailpoint Identityiq 7.3 Sailpoint Identityiq 8.0	41

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-identity-forwarding-vulnerability-cve-2022-45435/