Vulnerabilities > Sailpoint

DATE CVE VULNERABILITY TITLE RISK
2023-06-05 CVE-2023-32217 Unsafe Reflection vulnerability in Sailpoint Identityiq
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.
network
low complexity
sailpoint CWE-470
8.8
2023-01-31 CVE-2022-45435 Incorrect Authorization vulnerability in Sailpoint Identityiq
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.
network
low complexity
sailpoint CWE-863
6.5
2023-01-31 CVE-2022-46835 Path Traversal vulnerability in Sailpoint Identityiq
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.
network
low complexity
sailpoint CWE-22
7.5
2019-08-20 CVE-2019-12889 Improper Privilege Management vulnerability in Sailpoint Desktop Password Reset 7.2
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2.
6.9