CVE-2024-1714
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
21/02/2024
Last modified:
30/09/2025
Description
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.1:patch6:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:* | ||
| cpe:2.3:a:sailpoint:identityiq:8.4:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/
- https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/