1. Security Advisories
  2. CVE-2022-46835

SailPoint IdentityIQ Unsafe use of Reflection Vulnerability- CVE-2023-32217


This vulnerability allows an authenticated user to invoke a Java constructor with no arguments or a Java
constructor with a single Map argument in any Java class available in the IdentityIQ application

Affected product and versions

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2

IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5

IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p6

IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p5


SailPoint has released e-fixes for each impacted and supported version of IdentityIQ. Future patch levels
will include the fixes once they become available.

CVE details

CVE IDCVE-2023-32217
Published Date05/31/2023
Vulnerability TypeVulnerability Type Unsafe use of Reflection
CVSS v3 Score9.0
CVSS v3 VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N