Platform: other
Component: sailpoint-identity-security-cloud
CVE-2024-3319 is a critical remote code execution (RCE) vulnerability in SailPoint Identity Security Cloud (ISC). The flaw sits in the Transform preview and IdentityProfile preview API endpoints, which let a logged-in administrator submit and execute arbitrary templates; a template that is evaluated server-side without restriction is, in effect, arbitrary code. This page lists neither the affected nor the fixed version; SailPoint is reported to be working on a patch.
The impact is severe, but the precondition matters: the attacker must already hold an authenticated administrator account. With that account, the preview endpoints can be used to run attacker-controlled templates on the ISC host, which can lead to full compromise of the service, exfiltration of identity data, and disruption of identity and access management. From there an attacker could establish persistence, deploy tooling, or use the identity platform's own connectors and credentials to pivot into connected systems. Because the endpoints accept user-defined templates, the attack surface is the full expressiveness of the template engine rather than a single input field, so a compromised, phished or malicious admin account is the realistic entry point.
CVE-2024-3319 was publicly disclosed on 2024-05-15. Its CVSS rating is Critical; note that CVSS measures severity, not likelihood of exploitation. The EPSS estimate on this page (3.83%, 88th percentile) is the better indicator of exploitation probability. No public proof-of-concept is known at the time of writing, but once administrator access is held the exploit is low-complexity, so the vulnerability is attractive to attackers who have already obtained admin credentials. Monitor CISA advisories and SailPoint security bulletins for updates and for any KEV listing.
Organizations that depend on SailPoint Identity Security Cloud for identity and access management carry the most exposure, in particular those with complex attribute-transformation workflows and those that grant the administrator role broadly. Environments where ISC administration is shared across many people or teams are at higher risk, because every additional admin account is an additional path to the vulnerable endpoints.
disclosure
Exploitation status
EPSS: 3.83% (88th percentile)
CVSS vector
Because no fixed version is listed here, immediate remediation is not straightforward. SailPoint recommends contacting its support team for guidance and temporary workarounds. Until a patch is confirmed, restrict access to the Transform preview and IdentityProfile preview API endpoints to the smallest possible set of trusted administrators, and review who currently holds the administrator role. Apply strict validation to any user-supplied data that flows into attribute transforms, and consider a web application firewall (WAF) rule that blocks or alerts on requests to these endpoints from unexpected principals or source addresses. Closely monitor audit and access logs for preview calls by accounts that do not normally author transforms, and for bursts of preview calls from a single account.
Update SailPoint Identity Security Cloud to the latest available version. Refer to the SailPoint security bulletin for detailed instructions on updates and available mitigations. Restrict access to the Transform preview and IdentityProfile APIs to only the users who strictly need it.
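The monitoring advice above can be turned into a concrete check. The script below is an added example for this page, not SailPoint code: it reads newline-delimited JSON access-log events, flags preview-endpoint calls made by principals outside an allowlist, and flags any single actor that issues a burst of preview calls. The endpoint path shapes, the log field names (`actor`, `path`, `src`, ...) and the sample log lines are all constructed assumptions for illustration; adjust the pattern and field names to what your gateway or SIEM actually records.

```python
"""Spot calls to the ISC Transform / IdentityProfile preview endpoints that
come from principals outside an approved allowlist, or that arrive in bursts,
using newline-delimited JSON access-log lines.

Added example for this page; not SailPoint code. The endpoint paths, field
names and log format are assumptions chosen for illustration."""
import json
import re
from collections import Counter

# Assumption: these path shapes stand in for whatever your gateway or SIEM
# records for the preview calls; adjust the pattern to your own logs.
PREVIEW_PATH = re.compile(
    r"/(?:transforms|identity-profiles)(?:/[^/?#]+)?/preview(?:[?#]|$)", re.I
)

# Constructed sample log (not captured from a real tenant).
SAMPLE_LOG = """\
{"ts":"2024-05-16T09:00:01Z","actor":"alice.admin","method":"POST","path":"/v3/transforms/preview","status":200,"src":"10.0.0.5"}
{"ts":"2024-05-16T09:00:07Z","actor":"alice.admin","method":"GET","path":"/v3/identities?limit=50","status":200,"src":"10.0.0.5"}
{"ts":"2024-05-16T09:01:15Z","actor":"bob.contractor","method":"POST","path":"/v3/transforms/preview","status":200,"src":"203.0.113.9"}
this line is not JSON and should be skipped
{"ts":"2024-05-16T09:02:00Z","actor":"mallory","method":"POST","path":"/beta/identity-profiles/2c918084/preview","status":200,"src":"198.51.100.7"}
{"ts":"2024-05-16T09:02:01Z","actor":"mallory","method":"POST","path":"/beta/identity-profiles/2c918084/preview","status":500,"src":"198.51.100.7"}
{"ts":"2024-05-16T09:02:02Z","actor":"mallory","method":"POST","path":"/v3/transforms/preview?debug=1","status":200,"src":"198.51.100.7"}
{"ts":"2024-05-16T09:02:03Z","actor":"mallory","method":"POST","path":"/v3/transforms/preview","status":200,"src":"198.51.100.7"}
{"ts":"2024-05-16T09:03:00Z","actor":"alice.admin","method":"POST","path":"/v3/transforms/preview","status":200,"src":"10.0.0.5"}
"""

ALLOWED_PREVIEW_ACTORS = {"alice.admin"}   # admins who legitimately author transforms
BURST_THRESHOLD = 3                         # preview calls per actor before a burst is flagged


def parse_log(text):
    """Return (events, dropped): one dict per well-formed JSON line; malformed
    lines are skipped but counted so a parser failure cannot silently hide events."""
    events, dropped = [], 0
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            events.append(json.loads(raw))
        except json.JSONDecodeError:
            dropped += 1
    return events, dropped


def is_preview_call(path):
    """True when the request path targets a preview endpoint (query string ignored)."""
    return bool(PREVIEW_PATH.search(path))


def find_unexpected_preview_calls(events, allowed=ALLOWED_PREVIEW_ACTORS):
    """Preview calls made by any principal not on the allowlist."""
    return [
        e for e in events
        if is_preview_call(e.get("path", "")) and e.get("actor") not in allowed
    ]


def preview_bursts(events, threshold=BURST_THRESHOLD):
    """Actors whose preview-call count reaches the threshold, highest first."""
    counts = Counter(e["actor"] for e in events if is_preview_call(e.get("path", "")))
    return [(actor, n) for actor, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    evts, bad = parse_log(SAMPLE_LOG)
    for e in find_unexpected_preview_calls(evts):
        print(f"UNEXPECTED  {e['ts']} {e['actor']:<15} {e['method']} {e['path']} from {e['src']}")
    for actor, n in preview_bursts(evts):
        print(f"BURST       {actor} made {n} preview calls")
    print(f"{bad} malformed line(s) skipped")
```

On the constructed sample, the script reports bob.contractor's single preview call and all four of mallory's as unexpected, reports mallory as a burst, and notes one skipped malformed line. In practice the allowlist should be derived from the accounts that own transform development, and the burst threshold tuned to how often those accounts normally preview while iterating on a transform; a WAF rule built from the same path pattern can block rather than just alert.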
CVE-2024-3319 is a critical remote code execution vulnerability in the Transform preview and IdentityProfile preview APIs of SailPoint Identity Security Cloud that allows an authenticated administrator to execute arbitrary templates, and through them arbitrary code.
If you use SailPoint Identity Security Cloud and have not received confirmation that your tenant is on the fixed release (this page does not specify a version), treat yourself as potentially affected and confirm with SailPoint support.
Upgrade to the fixed version as soon as SailPoint makes it available. Until then, restrict who can reach the preview endpoints, validate data that feeds attribute transforms, and monitor preview-endpoint activity.
No active exploitation has been publicly confirmed, but the severity, and the low complexity once administrator access is held, make the vulnerability a likely target. Continuous monitoring of administrator activity is essential.
Refer to the official SailPoint security advisory page for updates and details regarding CVE-2024-3319: [https://www.sailpoint.com/security](https://www.sailpoint.com/security)