CVE-2022-45435 MEDIUM

CVE-2022-45435: SailPoint IdentityIQ Access Control Bypass

Vendor Sailpoint

Product IdentityIQ

Weakness CWE-863 · Incorrect authorization

Published January 31, 2023

Last update March 27, 2025

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.

Key dates

02Disclosure timeline

January 31, 2023 CVE published

March 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-45435 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

Identifiers

CVE CVE-2022-45435

CWE CWE-863

CVSS 6.8 / MEDIUM

Affected versions

Vendor Sailpoint

Product IdentityIQ

Affected ≥ 8.3 and ≤ 8.3p1

Vendor Sailpoint

Product IdentityIQ

Affected ≥ 8.2 and ≤ 8.2p4

Vendor Sailpoint

Product IdentityIQ

Affected ≥ 8.1 and ≤ 8.1p6

Vendor Sailpoint

Product IdentityIQ

Affected ≥ 8.0 and ≤ 8.0p5

CVE-2022-45435: SailPoint IdentityIQ Access Control Bypass

01Description

02Disclosure timeline

03References

04Related CVE