CVE-2024-1714

Published: Feb 21, 2024Modified: Sep 30, 2025

7.1

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

Exploitability: 1.3 / Impact: 5.3

Source: psirt@sailpoint.com (Secondary)

Description

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.

Affected (14)

Products: Sailpoint: Identityiq

Sailpoint

1 product

Identityiq

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Sailpoint Identityiq	Version 8.1
Sailpoint Identityiq	Version 8.1 patch1
Sailpoint Identityiq	Version 8.1 patch2
Sailpoint Identityiq	Version 8.1 patch3
Sailpoint Identityiq	Version 8.1 patch4
Sailpoint Identityiq	Version 8.1 patch5
Sailpoint Identityiq	Version 8.1 patch6
Sailpoint Identityiq	Version 8.2
Sailpoint Identityiq	Version 8.2 patch1
Sailpoint Identityiq	Version 8.2 patch2
Sailpoint Identityiq	Version 8.2 patch4
Sailpoint Identityiq	Version 8.3
Sailpoint Identityiq	Version 8.3 patch1
Sailpoint Identityiq	Version 8.4

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/

Source: psirt@sailpoint.com

Third Party Advisory

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.