SailPoint IdentityIQ Access Request for Entitlement Values with Leading/Trailing Whitespace – CVE-2024-1714

Description

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can occur when an authenticated user submits an access request for an entitlement whose value contains leading or trailing whitespace.
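
Added example (not part of SailPoint's advisory or product code): a Python audit that lists catalog entries whose entitlement value has leading or trailing whitespace, the condition described above. The CSV export layout, its column names and the sample rows are constructed assumptions, and "whitespace" is taken to mean what Python's str.strip() removes.

```python
import csv
import io

# Constructed sample: a hypothetical CSV export of an entitlement catalog.
# The columns (application, attribute, value) are assumptions, not an IdentityIQ format.
SAMPLE_EXPORT = (
    "application,attribute,value\n"
    'HR System,group,"Payroll Admins"\n'
    'HR System,group,"Payroll Admins "\n'
    'Active Directory,memberOf," CN=Finance,OU=Groups,DC=example,DC=com"\n'
    'ERP,role,"AP\u00a0Clerk\u00a0"\n'
    'ERP,role,"\tAuditor"\n'
)


def edge_whitespace(value):
    """Return the (leading, trailing) whitespace runs at the ends of value."""
    lead_len = len(value) - len(value.lstrip())
    if lead_len == len(value):  # empty or whitespace-only: report it once
        return value, ""
    trail_len = len(value) - len(value.rstrip())
    trail = value[len(value) - trail_len:]
    return value[:lead_len], trail


def audit(export_text):
    """Return one finding per catalog row whose value has edge whitespace."""
    findings = []
    reader = csv.DictReader(io.StringIO(export_text))
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        lead, trail = edge_whitespace(row["value"])
        if lead or trail:
            findings.append({
                "row": row_no,
                "application": row["application"],
                "attribute": row["attribute"],
                "value": row["value"],
                # Code points make invisible characters (tab, NBSP) explicit.
                "leading": [f"U+{ord(c):04X}" for c in lead],
                "trailing": [f"U+{ord(c):04X}" for c in trail],
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print(f["row"], f["application"], f["attribute"], repr(f["value"]),
              "leading:", f["leading"], "trailing:", f["trailing"])
```

Whitespace inside a value (the non-breaking space in the middle of the ERP role) is not reported; only the ends of the value are checked.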

Affected product and versions

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p4

IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7

IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p7

All previous versions of IdentityIQ

Resolution

SailPoint has released e-fixes for each impacted and supported version of IdentityIQ. Future patch levels will include the fixes once they become available.

CVE details

CVE ID: CVE-2024-1714
Published Date: 02/27/2024
Vulnerability Type: Improper Input Validation
CWE: CWE-20
CVSS v3 Score: 7.1
CVSS v3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L