SailPoint Identity Security Cloud Improper Access Control – CVE-2024-3317

Description

An improper access control vulnerability was identified in the Identity Security Cloud (ISC) message server API. It allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.

Affected product and versions

Identity Security Cloud

Resolution

This issue has been resolved. No further action is needed.

CVE details

CVE ID: CVE-2024-3317

Published Date: 05/15/2024

Vulnerability Type: Improper Access Control

CWE: CWE-284

CVSS v3 Score: 6.5 (Medium)

CVSS v3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N