CVE-2024-1714

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
SailPointCNA
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
CISA-ADPADP
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
sailpointidentityiq
8.1
sailpointidentityiq
8.1:patch1
sailpointidentityiq
8.1:patch2
sailpointidentityiq
8.1:patch3
sailpointidentityiq
8.1:patch4
sailpointidentityiq
8.1:patch5
sailpointidentityiq
8.1:patch6
sailpointidentityiq
8.2
sailpointidentityiq
8.2:patch1
sailpointidentityiq
8.2:patch2
sailpointidentityiq
8.2:patch4
sailpointidentityiq
8.3
sailpointidentityiq
8.3:patch1
sailpointidentityiq
8.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/
https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/