VYPR
Vendor: Sailpoint

Products: 5
CVEs: 13
Across products: 14
Status: Private

Recent CVEs (13)

  • CVE-2024-3319 | Critical | May 15, 2024
    risk 0.59 | cvss 9.1 | epss 0.01

    An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the…

  • CVE-2026-5712 | High | Apr 29, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

  • CVE-2024-3317 | Medium | May 15, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.

  • CVE-2024-3318 | Medium | May 15, 2024
    risk 0.27 | cvss 4.2 | epss 0.00

    A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file” attribute, which in turn allowed the user to access files uploaded for…

  • CVE-2025-10280 | Nov 3, 2025
    risk 0.00 | cvss | epss 0.00

    IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allow some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type…

  • CVE-2024-10905 | Dec 2, 2024
    risk 0.00 | cvss | epss 0.01

    IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that…

  • CVE-2024-2228 | Mar 22, 2024
    risk 0.00 | cvss | epss 0.00

    This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.

  • CVE-2024-2227 | Mar 22, 2024
    risk 0.00 | cvss | epss 0.01

    This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional…

  • CVE-2024-1714 | Feb 21, 2024
    risk 0.00 | cvss | epss 0.00

    An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.

  • CVE-2023-32217 | May 31, 2023
    risk 0.00 | cvss | epss 0.01

    IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java…

  • CVE-2022-45435 | Jan 31, 2023
    risk 0.00 | cvss | epss 0.00

    IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users…

  • CVE-2022-46835 | Jan 31, 2023
    risk 0.00 | cvss | epss 0.01

    IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application…

  • CVE-2019-12889 | Aug 20, 2019
    risk 0.00 | cvss | epss 0.01

    An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit.…