Remote Code Execution Vulnerability in Okta Identity Security Cloud
CVE-2024-3319

9.1CRITICAL

Key Information:

Vendor: Sailpoint
Status: Identity Security Cloud
Vendor: CVE Published:; 15 May 2024

Badges

📰 News Worthy

What is CVE-2024-3319?

A vulnerability exists in SailPoint's Identity Security Cloud specifically within the ISC Transform preview and IdentityProfile preview API endpoints. This flaw enables an authenticated administrator to execute user-defined templates during attribute transformations, potentially leading to unauthorized remote code execution on the host system. Organizations utilizing these endpoints must take immediate action to mitigate this risk.

Affected Version(s)

Identity Security Cloud

News Articles

prophaze.com

CVE-2024-3319 CVE-2024-4984

CVE-2022-37897 : ARUBA NETWORKS ARUBAOS PAPI COMMAND INJECTION - Cloud WAF

CVE-2022-37897 : There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211).

References

https://www.sailpoint.com/security-advisories/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by prophaze.com
May 20, 2024
Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 4, 2024

Sailpoint

Badges

What is CVE-2024-3319?

Affected Version(s)

News Articles

CVE-2022-37897 : ARUBA NETWORKS ARUBAOS PAPI COMMAND INJECTION - Cloud WAF

References

CVSS V3.1

Timeline