{
  "id": "CVE-2024-3317",
  "sourceIdentifier": "psirt@sailpoint.com",
  "published": "2024-05-15T16:15:10.727",
  "lastModified": "2024-11-21T09:29:22.997",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants."
    },
    {
      "lang": "es",
      "value": "Se identific\u00f3 un control de acceso inadecuado en la API del servidor de mensajes de Identity Security Cloud (ISC) que permit\u00eda a un usuario autenticado filtrar metadatos de procesamiento de trabajos (ID de mensajes opacos, profundidad de la cola de trabajo y recuentos) para otros inquilinos."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@sailpoint.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@sailpoint.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-1284"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.sailpoint.com/security-advisories/",
      "source": "psirt@sailpoint.com"
    },
    {
      "url": "https://www.sailpoint.com/security-advisories/",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}