← volver
CVE-2024-3319

Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints

CVSS 9.1 CRITICALEPSS 0.8%CWE-94
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.1EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 may 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Productos afectados
SailPoint · Identity Security Cloud

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.sailpoint.com/security-advisories/