Vulnerability Description
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sailpoint | Identityiq | < 8.0 |
Related Weaknesses (CWE)
References
- https://www.sailpoint.com/security-advisories/sailpoint-identityiq-identity-forwVendor Advisory
- https://www.sailpoint.com/security-advisories/sailpoint-identityiq-identity-forwVendor Advisory
FAQ
What is CVE-2022-45435?
CVE-2022-45435 is a vulnerability with a CVSS score of 6.8 (MEDIUM). IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch...
How severe is CVE-2022-45435?
CVE-2022-45435 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45435?
Check the references section above for vendor advisories and patch information. Affected products include: Sailpoint Identityiq.