{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3317", "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "state": "PUBLISHED", "assignerShortName": "SailPoint", "dateReserved": "2024-04-04T16:14:51.162Z", "datePublished": "2024-05-15T15:55:07.011Z", "dateUpdated": "2024-08-01T20:05:08.372Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Identity Security Cloud", "vendor": "SailPoint", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An improper access control was identified in the Identity Security Cloud (</span><span style=\"background-color: rgb(255, 255, 255);\">ISC</span><span style=\"background-color: rgb(255, 255, 255);\">) message server </span><span style=\"background-color: rgb(255, 255, 255);\">API</span><span style=\"background-color: rgb(255, 255, 255);\"> that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.</span>\n\n"}], "value": "An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "shortName": "SailPoint", "dateUpdated": "2024-05-15T15:55:07.011Z"}, "references": [{"url": "https://www.sailpoint.com/security-advisories/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This issue has been resolved. No further action is needed.</span>\n\n<br>"}], "value": "This issue has been resolved. No further action is needed."}], "source": {"discovery": "UNKNOWN"}, "title": "SailPoint Identity Security Cloud Improper Access Control", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3317", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-15T17:37:12.571138Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:57.486Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.372Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.sailpoint.com/security-advisories/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.sailpoint.com/security-advisories/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.372Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3317", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-15T17:37:12.571138Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T14:33:17.688Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "SailPoint Identity Security Cloud Improper Access Control", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SailPoint", "product": "Identity Security Cloud", "versions": [{"status": "affected", "version": "n/a"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue has been resolved. No further action is needed.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This issue has been resolved. No further action is needed.</span>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.sailpoint.com/security-advisories/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An improper access control was identified in the Identity Security Cloud (</span><span style=\"background-color: rgb(255, 255, 255);\">ISC</span><span style=\"background-color: rgb(255, 255, 255);\">) message server </span><span style=\"background-color: rgb(255, 255, 255);\">API</span><span style=\"background-color: rgb(255, 255, 255);\"> that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input"}]}], "providerMetadata": {"orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "shortName": "SailPoint", "dateUpdated": "2024-05-15T15:55:07.011Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3317", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:05:08.372Z", "dateReserved": "2024-04-04T16:14:51.162Z", "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719", "datePublished": "2024-05-15T15:55:07.011Z", "assignerShortName": "SailPoint"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants."}, {"lang": "es", "value": "Se identific\u00f3 un control de acceso inadecuado en la API del servidor de mensajes de Identity Security Cloud (ISC) que permit\u00eda a un usuario autenticado filtrar metadatos de procesamiento de trabajos (ID de mensajes opacos, profundidad de la cola de trabajo y recuentos) para otros inquilinos."}], "id": "CVE-2024-3317", "lastModified": "2024-11-21T09:29:22.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@sailpoint.com", "type": "Secondary"}]}, "published": "2024-05-15T16:15:10.727", "references": [{"source": "psirt@sailpoint.com", "url": "https://www.sailpoint.com/security-advisories/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.sailpoint.com/security-advisories/"}], "sourceIdentifier": "psirt@sailpoint.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "psirt@sailpoint.com", "type": "Secondary"}]}

{}