Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SailPoint IdentityIQ Unsafe use of Reflection Vulnerability
Vulnerability Description
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
使用外部可控制的输入来选择类或代码(不安全的反射)
Vulnerability Title
IdentityIQ 安全漏洞
Vulnerability Description
IdentityIQ是IdentityIQ公司的一款安全软件。提供信用监控、身份保险和防病毒。 IdentityIQ存在安全漏洞,该漏洞源于允许经过身份验证的用户在可用的任何Java类中调用不带参数的Java构造函数或具有单个Map参数的Java构造函数。
CVSS Information
N/A
Vulnerability Type
N/A