
SailPoint IdentityIQ Unsafe use of Reflection Vulnerability - CVE-2023-32217

Description

This vulnerability allows an authenticated user to invoke a Java constructor with no arguments or a Java
constructor with a single Map argument in any Java class available in the IdentityIQ application
classpath.
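
The class of flaw described above (CWE-470), as an added Java example that is not SailPoint's code and not part of the advisory: a factory that instantiates a caller-named class through its Map or no-argument constructor, beside a form restricted by an allowlist and an expected type. The names ReflectiveFactory, Handler and ReportHandler are hypothetical.

```java
import java.lang.reflect.Constructor;
import java.util.Map;
import java.util.Set;

public class ReflectiveFactory {
    // Hypothetical extension interface; every class the factory may build implements it.
    public interface Handler { String handle(); }

    public static final class ReportHandler implements Handler {
        private final Map<String, Object> args;
        public ReportHandler(Map<String, Object> args) { this.args = args; }
        public String handle() { return "report:" + args.get("name"); }
    }

    // Allowlist of fully qualified class names, fixed at build time (constructed sample).
    private static final Set<String> ALLOWED = Set.of(ReportHandler.class.getName());

    // CWE-470 pattern: the caller-supplied name selects any class on the classpath,
    // and its Map or no-argument constructor then runs inside the application.
    static Object unsafeCreate(String className, Map<String, Object> args) throws Exception {
        Class<?> c = Class.forName(className);
        try {
            return c.getConstructor(Map.class).newInstance(args);
        } catch (NoSuchMethodException e) {
            return c.getConstructor().newInstance();
        }
    }

    // Hardened form: check the name before loading, load without running static
    // initializers, and require the expected type before any constructor executes.
    static Handler safeCreate(String className, Map<String, Object> args) throws Exception {
        if (!ALLOWED.contains(className)) {
            throw new SecurityException("class not permitted: " + className);
        }
        Class<?> c = Class.forName(className, false, ReflectiveFactory.class.getClassLoader());
        Constructor<? extends Handler> ctor = c.asSubclass(Handler.class).getConstructor(Map.class);
        return ctor.newInstance(args);
    }

    public static void main(String[] a) throws Exception {
        System.out.println(safeCreate(ReportHandler.class.getName(), Map.of("name", "q1")).handle());
        try {
            safeCreate("java.util.HashMap", Map.of()); // on the classpath, not on the allowlist
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```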

Affected product and versions

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2

IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5

IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p6

IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p5

Resolution

SailPoint has released e-fixes for each impacted and supported version of IdentityIQ. Future patch levels
will include the fixes once they become available.

CVE details

CVE ID: CVE-2023-32217

Published Date: 05/31/2023

Vulnerability Type: Unsafe use of Reflection

CWE: CWE-470

CVSS v3 Score: 9.0

CVSS v3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N