VYPR
Unrated severityNVD Advisory· Published May 31, 2023· Updated Jan 10, 2025

SailPoint IdentityIQ Unsafe use of Reflection Vulnerability

CVE-2023-32217

Description

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sailpoint/Identityiqllm-fuzzy2 versions
    prior to 8.3p3, 8.2p6, 8.1p7, 8.0p6+ 1 more
    • (no CPE)range: prior to 8.3p3, 8.2p6, 8.1p7, 8.0p6
    • (no CPE)range: 8.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.