CVE-2024-3319 (GCVE-0-2024-3319)

Vulnerability from cvelistv5 – Published: 2024-05-15 15:44 – Updated: 2024-08-16 15:01
VLAI?
Summary
An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.
Severity ?
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
SailPoint Identity Security Cloud Affected: n/a
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:05:08.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sailpoint.com/security-advisories/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sailpoint:identity_security_cloud:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "identity_security_cloud",
            "vendor": "sailpoint",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3319",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T20:23:55.262743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T15:01:04.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Identity Security Cloud",
          "vendor": "SailPoint",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn issue was identified in the Identity Security Cloud (\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eISC\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e) \u003c/span\u003e\u003cem\u003eTransform preview\u003c/em\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e and \u003c/span\u003e\u003cem\u003eIdentityProfile preview\u003c/em\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAPI\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.\u003c/span\u003e"
            }
          ],
          "value": "An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T15:55:24.403Z",
        "orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719",
        "shortName": "SailPoint"
      },
      "references": [
        {
          "url": "https://www.sailpoint.com/security-advisories/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue has been resolved. No further action is needed.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "This issue has been resolved. No further action is needed."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719",
    "assignerShortName": "SailPoint",
    "cveId": "CVE-2024-3319",
    "datePublished": "2024-05-15T15:44:26.537Z",
    "dateReserved": "2024-04-04T16:14:54.310Z",
    "dateUpdated": "2024-08-16T15:01:04.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.\"}, {\"lang\": \"es\", \"value\": \"Se identific\\u00f3 un problema en los endpoints de la API de vista previa de Transform de Identity Security Cloud (ISC) y de vista previa de IdentityProfile que permit\\u00edan que un administrador autenticado ejecutara plantillas definidas por el usuario como parte de las transformaciones de atributos, lo que podr\\u00eda permitir la ejecuci\\u00f3n remota de c\\u00f3digo en el host.\"}]",
      "id": "CVE-2024-3319",
      "lastModified": "2024-11-21T09:29:23.250",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@sailpoint.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}]}",
      "published": "2024-05-15T16:15:11.170",
      "references": "[{\"url\": \"https://www.sailpoint.com/security-advisories/\", \"source\": \"psirt@sailpoint.com\"}, {\"url\": \"https://www.sailpoint.com/security-advisories/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@sailpoint.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"psirt@sailpoint.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3319\",\"sourceIdentifier\":\"psirt@sailpoint.com\",\"published\":\"2024-05-15T16:15:11.170\",\"lastModified\":\"2024-11-21T09:29:23.250\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.\"},{\"lang\":\"es\",\"value\":\"Se identific\u00f3 un problema en los endpoints de la API de vista previa de Transform de Identity Security Cloud (ISC) y de vista previa de IdentityProfile que permit\u00edan que un administrador autenticado ejecutara plantillas definidas por el usuario como parte de las transformaciones de atributos, lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo en el host.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@sailpoint.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"psirt@sailpoint.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://www.sailpoint.com/security-advisories/\",\"source\":\"psirt@sailpoint.com\"},{\"url\":\"https://www.sailpoint.com/security-advisories/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.sailpoint.com/security-advisories/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:05:08.511Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3319\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-09T20:23:55.262743Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:sailpoint:identity_security_cloud:*:*:*:*:*:*:*:*\"], \"vendor\": \"sailpoint\", \"product\": \"identity_security_cloud\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-16T15:00:54.586Z\"}}], \"cna\": {\"title\": \"Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-242\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-242 Code Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SailPoint\", \"product\": \"Identity Security Cloud\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"This issue has been resolved. No further action is needed.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThis issue has been resolved. No further action is needed.\u003c/span\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.sailpoint.com/security-advisories/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn issue was identified in the Identity Security Cloud (\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eISC\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e) \u003c/span\u003e\u003cem\u003eTransform preview\u003c/em\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e and \u003c/span\u003e\u003cem\u003eIdentityProfile preview\u003c/em\u003e \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAPI\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"2cfc7547-56a0-4049-8b52-c3078e8a8719\", \"shortName\": \"SailPoint\", \"dateUpdated\": \"2024-05-15T15:55:24.403Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3319\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-16T15:01:04.733Z\", \"dateReserved\": \"2024-04-04T16:14:54.310Z\", \"assignerOrgId\": \"2cfc7547-56a0-4049-8b52-c3078e8a8719\", \"datePublished\": \"2024-05-15T15:44:26.537Z\", \"assignerShortName\": \"SailPoint\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.