IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: SailPoint
Published: 2023-05-31T00:00:00
Updated: 2024-08-02T15:10:23.943Z
Reserved: 2023-05-04T20:01:49.973Z
Link: CVE-2023-32217
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-05T04:15:10.927
Modified: 2024-11-21T08:02:55.330
Link: CVE-2023-32217
Redhat
No data.