What is CVE-2023-32217?

CVE-2023-32217 is a critical-severity vulnerability in Sailpoint Identityiq, classified under Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection). CVSS score: 9.0/10. Published 2023-05-31.

How severe is CVE-2023-32217?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Vulnerability in Sailpoint Identityiq

CVE-2023-32217

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authent…

EPSS: 0.008 (75.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Sailpoint Identityiq — versions 8.3, 8.2, 8.1

Weakness classification (CWE)

CWE-470 — Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)

References

www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflec…

Frequently asked questions

What is CVE-2023-32217?: CVE-2023-32217 is a critical-severity vulnerability in Sailpoint Identityiq, classified under Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection). CVSS score: 9.0/10. Published 2023-05-31.
How severe is CVE-2023-32217?: Critical severity. CVSS v3 base score is 9.0 out of 10.