Assigner | SailPoint |
Reserved | 2024-04-04 |
Published | 2024-05-15 |
Updated | 2024-06-04 |
Description
An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Problem types
CWE-1284 Improper Validation of Specified Quantity in Input
Product status
Any version
References
https://www.sailpoint.com/security-advisories/