CVE-2022-46835 HIGH

CVE-2022-46835: SailPoint IdentityIQ JavaServer File Path Traversal Vulnerability

Vendor Sailpoint

Product IdentityIQ

Weakness CWE-22 · Path traversal

Published January 31, 2023

Last update March 27, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.

Key dates

Disclosure timeline

January 31, 2023 CVE published

March 27, 2025 Record updated

Identifiers

CVE CVE-2022-46835

CWE CWE-22

CVSS 8.8 / HIGH

Affected versions

Vendor Sailpoint

Product IdentityIQ

Affected ≥ 8.3 and ≤ 8.3p1

Vendor Sailpoint

Product IdentityIQ

Affected ≥ 8.2 and ≤ 8.2p4

Vendor Sailpoint

Product IdentityIQ

Affected ≥ 8.1 and ≤ 8.1p6

Vendor Sailpoint

Product IdentityIQ

Affected ≥ 8.0 and ≤ 8.0p5