CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-32217

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.3%

CVSS Severity

CVSS v3 Score 9.0

References

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/
https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/

Products affected by CVE-2023-32217

Sailpoint » Identityiq » Version: 8.0

cpe:2.3:a:sailpoint:identityiq:8.0
Sailpoint » Identityiq » Version: 8.1

cpe:2.3:a:sailpoint:identityiq:8.1
Sailpoint » Identityiq » Version: 8.2

cpe:2.3:a:sailpoint:identityiq:8.2
Sailpoint » Identityiq » Version: 8.3

cpe:2.3:a:sailpoint:identityiq:8.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-32217

Products

Pricing

Contact Us