CVE-2024-3319

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3319
An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.sailpoint.com/security-advisories/
https://www.sailpoint.com/security-advisories/
Configurations

No configuration.

History

21 Nov 2024, 09:29

Type Values Removed Values Added
References () https://www.sailpoint.com/security-advisories/ - () https://www.sailpoint.com/security-advisories/ -
Summary
  • (es) Se identificó un problema en los endpoints de la API de vista previa de Transform de Identity Security Cloud (ISC) y de vista previa de IdentityProfile que permitían que un administrador autenticado ejecutara plantillas definidas por el usuario como parte de las transformaciones de atributos, lo que podría permitir la ejecución remota de código en el host.

15 May 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-15 16:15

Updated : 2024-11-21 09:29

NVD link : CVE-2024-3319

Mitre link : CVE-2024-3319

CVE.ORG link : CVE-2024-3319

JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024