CVE-2023-32217

{"id": "CVE-2023-32217", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@sailpoint.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2023-06-05T04:15:10.927", "references": [{"url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/", "tags": ["Vendor Advisory"], "source": "psirt@sailpoint.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-470"}]}, {"type": "Secondary", "source": "psirt@sailpoint.com", "description": [{"lang": "en", "value": "CWE-470"}]}], "descriptions": [{"lang": "en", "value": "IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6\u00a0allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.\n\n"}], "lastModified": "2023-06-12T18:27:46.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331C62A4-620B-483A-87A6-9AA51679AF92"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C84FC633-5B3C-4A40-A588-EF3AF509BBE9"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6080940F-819D-468F-90B7-D1E135020777"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E018B45E-96CF-45C2-B405-3AFCC683BF9C"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE18C753-3EE9-49C4-A99F-4429E0B20A1A"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00C8E5FB-5B6D-4C1B-AEFE-C884B28392D8"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "216615A8-0E21-4597-871C-AC121BF0E150"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35ECC22F-B2A2-4750-B995-2944F12C1BFF"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ECEF57B-DA34-402A-86F0-713A3683A172"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1815D4C7-50FC-45DA-8130-E9258CAFBD09"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F784765E-8B3C-4F96-B57A-E6E7AECE628C"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "224129BF-667F-4F6A-8E9A-15390F6FA3D5"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A8C2668-C1F1-4A67-A2B3-99B5746C6A52"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9D91EB5-EC8E-4200-9245-13E37312343D"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63352C53-ADD8-49CD-B9E6-648183BDED68"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1173CC53-CBE5-450C-96BF-8583D1B3D185"}, {"criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C0F5E55-5D33-425F-9DA7-49FE66CD84C4"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@sailpoint.com"}