1. Home
  2. CVE Database
  3. CVE-2024-3317
MEDIUM · 6.5

CVE-2024-3317

An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queu...

Vulnerability Description

An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Related Weaknesses (CWE)

CWE-1284

References

FAQ

What is CVE-2024-3317?

CVE-2024-3317 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queu...

How severe is CVE-2024-3317?

CVE-2024-3317 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-3317?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.