SailPoint IdentityIQ JavaServer File Path Traversal Vulnerability

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

对路径名的限制不恰当(路径遍历)

IdentitylQ 路径遍历漏洞

IdentityIQ是IdentityIQ公司的一款安全软件。提供信用监控、身份保险和防病毒。 IdentitylQ存在安全漏洞，该漏洞源于存在路径遍历，允许访问应用程序服务器文件系统中的任意文件。

N/A

N/A