CVE-2024-2227

EUVD-2024-27183
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
sailpointidentityiq
𝑥
< 8.1
sailpointidentityiq
8.1:patch1
sailpointidentityiq
8.1:patch2
sailpointidentityiq
8.1:patch3
sailpointidentityiq
8.1:patch4
sailpointidentityiq
8.1:patch5
sailpointidentityiq
8.1:patch6
sailpointidentityiq
8.2
sailpointidentityiq
8.2:patch1
sailpointidentityiq
8.2:patch2
sailpointidentityiq
8.2:patch4
sailpointidentityiq
8.2:patch5
sailpointidentityiq
8.3
sailpointidentityiq
8.3:patch1
sailpointidentityiq
8.3:patch2
sailpointidentityiq
8.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
sailpointidentityiq
8.1 ≤
𝑥
< 8.1p7
ADP
sailpointidentityiq
8.2 ≤
𝑥
< 8.2p7
ADP
sailpointidentityiq
8.3 ≤
𝑥
< 8.3p4
ADP
sailpointidentityiq
8.4 ≤
𝑥
< 8.4p1
ADP
Common Weakness Enumeration
References
https://www.sailpoint.com/security-advisories/
https://www.sailpoint.com/security-advisories/