Platform: other
Component: sailpoint-identity-security-cloud
CVE-2024-3319 is a critical remote code execution (RCE) vulnerability in SailPoint Identity Security Cloud (ISC). The flaw lies in the Transform preview and IdentityProfile preview API endpoints: an authenticated administrator can submit user-defined templates to these endpoints and have them executed as part of an attribute transform, which allows arbitrary code execution. No fixed version is specified on this page; SailPoint has stated that it is working on a patch.
The impact of CVE-2024-3319 is severe. The precondition is administrator-level access to the ISC tenant, so the realistic attack paths are a malicious or compromised administrator account, or an administrator session taken over through phishing or token theft. With that access, an attacker can execute arbitrary code on the host that evaluates the templates, which could lead to complete compromise of the tenant, exfiltration of identity data, and disruption of identity and access management services. From there an attacker could establish persistence or pivot to the systems ISC integrates with. Because the preview endpoints execute user-defined templates, the attack surface is broad: a malicious template can be crafted to perform a wide range of actions rather than a single fixed payload.
CVE-2024-3319 was publicly disclosed on 2024-05-15. Its CRITICAL CVSS rating reflects the impact of a successful attack; the likelihood of exploitation is a separate question, tracked by EPSS (3.83%, 88th percentile at the time of this page). Public proof-of-concept code is not available. The requirement for administrator access raises the bar for opportunistic attackers, but the technique itself (submitting a template to a preview endpoint) is simple once that access is obtained, so compromised admin credentials should be treated as a direct path to this flaw. Monitor CISA advisories and SailPoint security bulletins for updates and a possible KEV listing.
Exploit Status: (not provided)
EPSS: 3.83% (88th percentile)
CVSS Vector: (not provided)
Because no fixed version is specified, there is no upgrade to apply immediately. SailPoint recommends contacting its support team for guidance and temporary workarounds. Until a patch is available, restrict access to the Transform preview and IdentityProfile preview API endpoints to the smallest set of trusted administrators, and treat transform definitions as code: limit who can create or edit them and review changes. Apply strict validation to any user-supplied data that attribute transforms consume. Where your deployment places a web application firewall (WAF) or API gateway in front of these endpoints, use it to block requests that do not come from approved administrators. Monitor API and audit logs closely for unusual activity involving attribute transforms and the preview endpoints, in particular preview calls from accounts that do not normally use them or bursts of preview calls from one account.
Update SailPoint Identity Security Cloud to the latest available version as soon as a fix is published, and consult the SailPoint security advisory for detailed update instructions and available mitigations. Limit access to the Transform preview and IdentityProfile API endpoints to strictly necessary users.
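The monitoring advice above is easier to act on with a concrete detection. The following script is an added example, not code from this page or from SailPoint: it scans gateway-style access log lines for POST requests to the preview endpoints and reports (a) calls from accounts outside an approved administrator allowlist, with how many of those calls succeeded, and (b) bursts of successful preview calls from a single account. The endpoint path patterns, the log line format, the allowlist and the sample log are all assumptions constructed for illustration; check the real paths against your SailPoint ISC API documentation and your gateway's log format before use.

```python
"""Added example (not from the page or SailPoint): flag calls to the Transform
preview and IdentityProfile preview endpoints from non-allowlisted accounts,
and bursts of preview calls, over a constructed API-gateway access log.

The endpoint path patterns and log format below are ASSUMED for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# ASSUMED path patterns for the two preview endpoints; adjust to your real paths.
PREVIEW_PATTERNS = [
    re.compile(r"/transforms[^\s]*/preview", re.I),
    re.compile(r"/identity-profiles[^\s]*/preview", re.I),
]

# Administrators approved to exercise the preview endpoints (assumed allowlist).
APPROVED_ADMINS = {"alice.admin"}

# ASSUMED log line format: "<ISO timestamp> user=<id> method=<M> path=<p> status=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) method=(?P<method>[A-Z]+) "
    r"path=(?P<path>\S+) status=(?P<status>\d{3})$"
)

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2024-05-16T10:00:01Z user=alice.admin method=POST path=/v3/transforms/preview status=200
2024-05-16T10:00:05Z user=bob.contractor method=POST path=/v3/transforms/preview status=200
2024-05-16T10:00:06Z user=bob.contractor method=POST path=/v3/transforms/preview status=200
2024-05-16T10:00:07Z user=bob.contractor method=POST path=/v3/identity-profiles/2c9180/preview status=200
2024-05-16T10:00:08Z user=bob.contractor method=POST path=/v3/transforms/preview status=200
2024-05-16T10:00:09Z user=bob.contractor method=POST path=/v3/transforms/preview status=200
2024-05-16T10:01:00Z user=alice.admin method=GET path=/v3/accounts status=200
2024-05-16T10:02:00Z user=carol.ops method=POST path=/v3/identity-profiles/2c9180/preview status=403
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["status"] = int(rec["status"])
    return rec


def is_preview_call(rec):
    """True for a POST to either preview endpoint (the action that runs a template)."""
    return rec["method"] == "POST" and any(p.search(rec["path"]) for p in PREVIEW_PATTERNS)


def analyze(log_text, approved=APPROVED_ADMINS, burst_threshold=3,
            window=timedelta(seconds=60)):
    """Return two kinds of findings:
    - "unapproved": users outside the allowlist who hit a preview endpoint,
      with total attempts and how many returned a non-error status;
    - "bursts": users with >= burst_threshold successful preview calls
      inside any sliding window of length `window`.
    """
    calls = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_preview_call(rec):
            calls[rec["user"]].append(rec)

    findings = {"unapproved": {}, "bursts": {}}
    for user, recs in calls.items():
        ok = sorted((r for r in recs if r["status"] < 400), key=lambda r: r["ts"])
        if user not in approved:
            findings["unapproved"][user] = {"attempts": len(recs), "succeeded": len(ok)}
        # Peak number of successful calls within any window starting at a call.
        peak = 0
        for i, r in enumerate(ok):
            j = i
            while j < len(ok) and ok[j]["ts"] - r["ts"] <= window:
                j += 1
            peak = max(peak, j - i)
        if peak >= burst_threshold:
            findings["bursts"][user] = peak
    return findings


if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_LOG).items():
        for user, detail in items.items():
            print(f"{kind}: {user} {detail}")
```

On the constructed sample, bob.contractor is reported both as unapproved (five successful preview calls) and as a burst, while carol.ops appears only as an unapproved attempt that was denied (403), and alice.admin produces no finding. Feed the real log export through `analyze` and route the "unapproved" findings with `succeeded > 0` to your highest-priority queue, since each one is a template that was actually executed.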
CVE-2024-3319 is a critical remote code execution vulnerability in SailPoint Identity Security Cloud's Transform and IdentityProfile preview APIs, allowing authenticated administrators to execute arbitrary code.
If you are using SailPoint Identity Security Cloud prior to the fixed version (currently unspecified), you are potentially affected by this vulnerability. Contact SailPoint support to confirm.
Upgrade to the fixed version as soon as it is released by SailPoint. Until then, implement mitigation strategies like restricting access and input validation.
No active exploitation has been publicly confirmed. The vulnerability is severe, and although it requires administrator access, the exploitation technique is simple once an attacker holds admin credentials, so it may become a target. Continuous monitoring of administrator activity and the preview endpoints is crucial.
Refer to the official SailPoint security advisory page for updates and details regarding CVE-2024-3319: [https://www.sailpoint.com/security](https://www.sailpoint.com/security)