IdentityIQ 8.3 and all 8.3 patch levels before 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels before 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels before 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels before 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sailpoint identityiq 8.3 |
||
sailpoint identityiq 8.2 |
||
sailpoint identityiq 8.1 |
||
sailpoint identityiq 8.0 |