CVE-2024-1714

HIGH

SailPoint IdentityIQ - Authenticated Access Request Bypass via Entitlement Whitespace Handling

Title source: llm

Description

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.

References (1)

Core 1

Core References

Third Party Advisory

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/

Scores

CVSS v3 7.1

EPSS 0.0034

EPSS Percentile 26.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (4)

sailpoint/identityiq 8.1 (7 CPE variants)

sailpoint/identityiq 8.2 (4 CPE variants)

sailpoint/identityiq 8.3 (2 CPE variants)

sailpoint/identityiq 8.4

Published Feb 21, 2024

Tracked Since Feb 18, 2026