SailPoint IdentityIQ JavaServer File Path Traversal Vulnerability
CVE-2022-46835

8.8HIGH

Key Information:

Vendor: Sailpoint
Status: Identityiq
Vendor: CVE Published:; 31 January 2023

What is CVE-2022-46835?

Certain versions of SailPoint's IdentityIQ software exhibit a path traversal vulnerability, allowing attackers to access arbitrary files within the application server filesystem. This issue arises from an exploit in JavaServer Faces, specifically version 2.2.20, which impacts several IdentityIQ versions before specific patch levels. Prompt attention to patching and securing affected systems is essential to mitigate potential exposure.

Affected Version(s)

IdentityIQ 8.3 <= 8.3p1

IdentityIQ 8.2 <= 8.2p4

IdentityIQ 8.1 <= 8.1p6

References

https://www.sailpoint.com/security-advisories/sailpoint-i...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2023
Vulnerability Reserved
Dec 8, 2022

Sailpoint

What is CVE-2022-46835?

Affected Version(s)

References

CVSS V3.1

Timeline