CVE-2022-46835 Information

Description

IdentitylQ 8.3 and all 8.3 patch levels prior to 8.3p2 IdentitylQ 8.2 and all 8.2 patch levels prior to 8.2p5 IdentitylQ 8.1 and all 8.1 patch levels prior to 8.1p7 Identity|Q 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.

Reference

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-file-traversal-vulnerability-cve-2022-46835/