CVE-2024-2228 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
SailPoint	CNA	7.1 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
sailpoint	identityiq	𝑥 < 8.1
sailpoint	identityiq	8.1:patch1
sailpoint	identityiq	8.1:patch2
sailpoint	identityiq	8.1:patch3
sailpoint	identityiq	8.1:patch4
sailpoint	identityiq	8.1:patch5
sailpoint	identityiq	8.1:patch6
sailpoint	identityiq	8.2
sailpoint	identityiq	8.2:patch1
sailpoint	identityiq	8.2:patch2
sailpoint	identityiq	8.2:patch4
sailpoint	identityiq	8.2:patch5
sailpoint	identityiq	8.3
sailpoint	identityiq	8.3:patch1
sailpoint	identityiq	8.3:patch2
sailpoint	identityiq	8.4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://www.sailpoint.com/security-advisories/

https://www.sailpoint.com/security-advisories/