fkie_nvd - fkie_cve-2022-45435

fkie_cve-2022-45435

Vulnerability from fkie_nvd

Published

2023-01-31 15:15

Modified

2024-11-21 07:29

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.

References

▶	URL	Tags
	psirt@sailpoint.com	https://www.sailpoint.com/security-advisories/sailpoint-identityiq-identity-forwarding-vulnerability-cve-2022-45435/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.sailpoint.com/security-advisories/sailpoint-identityiq-identity-forwarding-vulnerability-cve-2022-45435/	Vendor Advisory

Impacted products

Vendor	Product	Version
sailpoint	identityiq	*
sailpoint	identityiq	8.0
sailpoint	identityiq	8.0
sailpoint	identityiq	8.0
sailpoint	identityiq	8.0
sailpoint	identityiq	8.0
sailpoint	identityiq	8.0
sailpoint	identityiq	8.1
sailpoint	identityiq	8.1
sailpoint	identityiq	8.1
sailpoint	identityiq	8.1
sailpoint	identityiq	8.1
sailpoint	identityiq	8.1
sailpoint	identityiq	8.1
sailpoint	identityiq	8.2
sailpoint	identityiq	8.2
sailpoint	identityiq	8.2
sailpoint	identityiq	8.2
sailpoint	identityiq	8.3
sailpoint	identityiq	8.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3470BC7-4C59-4887-85FA-62E4CFCE31D4",
              "versionEndExcluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "331C62A4-620B-483A-87A6-9AA51679AF92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "C84FC633-5B3C-4A40-A588-EF3AF509BBE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "6080940F-819D-468F-90B7-D1E135020777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "E018B45E-96CF-45C2-B405-3AFCC683BF9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "CE18C753-3EE9-49C4-A99F-4429E0B20A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "F5641886-0FBB-472D-950A-70F94FB99087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "00C8E5FB-5B6D-4C1B-AEFE-C884B28392D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "216615A8-0E21-4597-871C-AC121BF0E150",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "35ECC22F-B2A2-4750-B995-2944F12C1BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "9ECEF57B-DA34-402A-86F0-713A3683A172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "1815D4C7-50FC-45DA-8130-E9258CAFBD09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "F784765E-8B3C-4F96-B57A-E6E7AECE628C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch6:*:*:*:*:*:*",
              "matchCriteriaId": "A7B4F481-4E74-4B56-9851-E1A665F5783D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "224129BF-667F-4F6A-8E9A-15390F6FA3D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "2A8C2668-C1F1-4A67-A2B3-99B5746C6A52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "A9D91EB5-EC8E-4200-9245-13E37312343D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "63352C53-ADD8-49CD-B9E6-648183BDED68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "1173CC53-CBE5-450C-96BF-8583D1B3D185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "2C0F5E55-5D33-425F-9DA7-49FE66CD84C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration."
    },
    {
      "lang": "es",
      "value": "IdentityIQ 8.3 y todos los niveles de parche 8.3 anteriores a 8.3p2, IdentityIQ 8.2 y todos los niveles de parche 8.2 anteriores a 8.2p5, IdentityIQ 8.1 y todos los niveles de parche 8.1 anteriores a 8.1p7, IdentityIQ 8.0 y todos los niveles de parche 8.0 anteriores a 8.0p6, y todos Las versiones anteriores permiten a los usuarios autenticados a los que se les ha asignado la capacidad de Administrador de identidades o cualquier capacidad personalizada que contenga el derecho SetIdentityForwarding modificar la configuraci\u00f3n de reenv\u00edo de elementos de trabajo para identidades distintas a las que deber\u00edan permitirse mediante la configuraci\u00f3n de Poblaci\u00f3n de enlaces r\u00e1pidos de Lifecycle Manager."
    }
  ],
  "id": "CVE-2022-45435",
  "lastModified": "2024-11-21T07:29:15.307",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "psirt@sailpoint.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-31T15:15:08.837",
  "references": [
    {
      "source": "psirt@sailpoint.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-identity-forwarding-vulnerability-cve-2022-45435/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-identity-forwarding-vulnerability-cve-2022-45435/"
    }
  ],
  "sourceIdentifier": "psirt@sailpoint.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "psirt@sailpoint.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-45435 (GCVE-0-2022-45435)

Vulnerability from cvelistv5

Published

2023-01-31 00:00

Modified

2025-03-27 18:28

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-863 - Incorrect Authorization

Summary

References

►

URL

Tags

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-identity-forwarding-vulnerability-cve-2022-45435/