{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1714", "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "state": "PUBLISHED", "assignerShortName": "SailPoint", "dateReserved": "2024-02-21T16:52:41.030Z", "datePublished": "2024-02-21T16:57:19.298Z", "dateUpdated": "2024-08-01T18:48:21.832Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "IdentityIQ", "vendor": "SailPoint", "versions": [{"lessThan": "8.2p7", "status": "affected", "version": "8.2", "versionType": "semver"}, {"lessThan": "8.3p4", "status": "affected", "version": "8.3", "versionType": "semver"}, {"lessThan": "8.4p1", "status": "affected", "version": "8.4", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request."}], "value": "An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "shortName": "SailPoint", "dateUpdated": "2024-04-17T18:37:39.187Z"}, "references": [{"url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/"}], "source": {"discovery": "UNKNOWN"}, "title": "Access Request for Entitlement Values with Leading/Trailing Whitespace", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1714", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T19:02:28.625676Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:08.914Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.832Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.832Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1714", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T19:02:28.625676Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:41.365Z"}}], "cna": {"title": "Access Request for Entitlement Values with Leading/Trailing Whitespace", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SailPoint", "product": "IdentityIQ", "versions": [{"status": "affected", "version": "8.2", "lessThan": "8.2p7", "versionType": "semver"}, {"status": "affected", "version": "8.3", "lessThan": "8.3p4", "versionType": "semver"}, {"status": "affected", "version": "8.4", "lessThan": "8.4p1", "versionType": "semver"}], "defaultStatus": "unknown"}], "references": [{"url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.", "supportingMedia": [{"type": "text/html", "value": "An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "shortName": "SailPoint", "dateUpdated": "2024-04-17T18:37:39.187Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1714", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:48:21.832Z", "dateReserved": "2024-02-21T16:52:41.030Z", "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "datePublished": "2024-02-21T16:57:19.298Z", "assignerShortName": "SailPoint"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request."}, {"lang": "es", "value": "Existe un problema en todas las versiones compatibles de IdentityIQ Lifecycle Manager que puede surgir si un usuario autenticado solicita un derecho con un valor que contiene espacios en blanco al principio o al final en una solicitud de acceso."}], "id": "CVE-2024-1714", "lastModified": "2024-03-07T13:52:27.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.3, "source": "psirt@sailpoint.com", "type": "Secondary"}]}, "published": "2024-02-21T17:15:09.003", "references": [{"source": "psirt@sailpoint.com", "url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/"}], "sourceIdentifier": "psirt@sailpoint.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@sailpoint.com", "type": "Secondary"}]}

{}