CVE-2023-32217 Information

Description

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, and IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments, or a Java constructor with a single Map argument, in any Java class available in the IdentityIQ application classpath.

Reference

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/
