CVE-2022-46835

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SailPointCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
sailpointidentityiq
8.0
sailpointidentityiq
8.0:patch1
sailpointidentityiq
8.0:patch2
sailpointidentityiq
8.0:patch3
sailpointidentityiq
8.0:patch4
sailpointidentityiq
8.0:patch5
sailpointidentityiq
8.1
sailpointidentityiq
8.1:patch1
sailpointidentityiq
8.1:patch2
sailpointidentityiq
8.1:patch3
sailpointidentityiq
8.1:patch4
sailpointidentityiq
8.1:patch5
sailpointidentityiq
8.1:patch6
sailpointidentityiq
8.2
sailpointidentityiq
8.2:patch1
sailpointidentityiq
8.2:patch2
sailpointidentityiq
8.2:patch4
sailpointidentityiq
8.3
sailpointidentityiq
8.3:patch1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.sailpoint.com/security-advisories/sailpoint-identityiq-file-traversal-vulnerability-cve-2022-46835/
https://www.sailpoint.com/security-advisories/sailpoint-identityiq-file-traversal-vulnerability-cve-2022-46835/