Remote Code Execution Vulnerability in Okta Identity Security Cloud
CVE-2024-3319

9.1CRITICAL

Key Information:

Vendor: Sailpoint
Status: Identity Security Cloud
Vendor: CVE Published:; 15 May 2024

Badges

📰 News Worthy

Summary

A vulnerability exists in SailPoint's Identity Security Cloud specifically within the ISC Transform preview and IdentityProfile preview API endpoints. This flaw enables an authenticated administrator to execute user-defined templates during attribute transformations, potentially leading to unauthorized remote code execution on the host system. Organizations utilizing these endpoints must take immediate action to mitigate this risk.

Affected Version(s)

Identity Security Cloud

News Articles

prophaze.com

CVE-2024-3319 CVE-2024-4984

CVE-2022-37897 : ARUBA NETWORKS ARUBAOS PAPI COMMAND INJECTION - Cloud WAF

CVE-2022-37897 : There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211).

8 months ago

References

https://www.sailpoint.com/security-advisories/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

📰
First article discovered by prophaze.com
May 20, 2024
Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 4, 2024

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

CVE-2022-37897 : ARUBA NETWORKS ARUBAOS PAPI COMMAND INJECTION - Cloud WAF

References

CVSS V3.1

Timeline