{ "id": "CVE-2022-46835", "sourceIdentifier": "psirt@sailpoint.com", "published": "2023-01-31T15:15:08.997", "lastModified": "2023-02-08T02:12:20.943", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950." }, { "lang": "es", "value": "IdentityIQ 8.3 y todos los niveles de parche 8.3 anteriores a 8.3p2, IdentityIQ 8.2 y todos los niveles de parche 8.2 anteriores a 8.2p5, IdentityIQ 8.1 y todos los niveles de parche 8.1 anteriores a 8.1p7, IdentityIQ 8.0 y todos los niveles de parche 8.0 anteriores a 8.0p6 permiten el acceso a archivos arbitrarios en el sistema de archivos del servidor de aplicaciones debido a una vulnerabilidad de path traversal en JavaServer Faces (JSF) 2.2.20 documentada en CVE-2020-6950." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "psirt@sailpoint.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] }, { "source": "psirt@sailpoint.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-22" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:-:*:*:*:*:*:*", "matchCriteriaId": "331C62A4-620B-483A-87A6-9AA51679AF92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "C84FC633-5B3C-4A40-A588-EF3AF509BBE9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "6080940F-819D-468F-90B7-D1E135020777" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "E018B45E-96CF-45C2-B405-3AFCC683BF9C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch4:*:*:*:*:*:*", "matchCriteriaId": "CE18C753-3EE9-49C4-A99F-4429E0B20A1A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.0:patch5:*:*:*:*:*:*", "matchCriteriaId": "F5641886-0FBB-472D-950A-70F94FB99087" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:*", "matchCriteriaId": "00C8E5FB-5B6D-4C1B-AEFE-C884B28392D8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*", "matchCriteriaId": "216615A8-0E21-4597-871C-AC121BF0E150" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*", "matchCriteriaId": "35ECC22F-B2A2-4750-B995-2944F12C1BFF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*", "matchCriteriaId": "9ECEF57B-DA34-402A-86F0-713A3683A172" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*", "matchCriteriaId": "1815D4C7-50FC-45DA-8130-E9258CAFBD09" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*", "matchCriteriaId": "F784765E-8B3C-4F96-B57A-E6E7AECE628C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.1:patch6:*:*:*:*:*:*", "matchCriteriaId": "A7B4F481-4E74-4B56-9851-E1A665F5783D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*", "matchCriteriaId": "224129BF-667F-4F6A-8E9A-15390F6FA3D5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*", "matchCriteriaId": "2A8C2668-C1F1-4A67-A2B3-99B5746C6A52" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*", "matchCriteriaId": "A9D91EB5-EC8E-4200-9245-13E37312343D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*", "matchCriteriaId": "63352C53-ADD8-49CD-B9E6-648183BDED68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*", "matchCriteriaId": "1173CC53-CBE5-450C-96BF-8583D1B3D185" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*", "matchCriteriaId": "2C0F5E55-5D33-425F-9DA7-49FE66CD84C4" } ] } ] } ], "references": [ { "url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-file-traversal-vulnerability-cve-2022-46835/", "source": "psirt@sailpoint.com", "tags": [ "Vendor Advisory" ] } ] }