{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-3317",
        "assignerOrgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719",
        "state": "PUBLISHED",
        "assignerShortName": "SailPoint",
        "dateReserved": "2024-04-04T16:14:51.162Z",
        "datePublished": "2024-05-15T15:55:07.011Z",
        "dateUpdated": "2024-08-01T20:05:08.372Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "product": "Identity Security Cloud",
                    "vendor": "SailPoint",
                    "versions": [
                        {
                            "status": "affected",
                            "version": "n/a"
                        }
                    ]
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An improper access control was identified in the Identity Security Cloud (</span><span style=\"background-color: rgb(255, 255, 255);\">ISC</span><span style=\"background-color: rgb(255, 255, 255);\">) message server </span><span style=\"background-color: rgb(255, 255, 255);\">API</span><span style=\"background-color: rgb(255, 255, 255);\"> that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants.</span>\n\n"
                        }
                    ],
                    "value": "An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants."
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-153",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-153 Input Data Manipulation"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "NONE",
                        "baseScore": 6.5,
                        "baseSeverity": "MEDIUM",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "NONE",
                        "privilegesRequired": "LOW",
                        "scope": "UNCHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-1284",
                            "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "2cfc7547-56a0-4049-8b52-c3078e8a8719",
                "shortName": "SailPoint",
                "dateUpdated": "2024-05-15T15:55:07.011Z"
            },
            "references": [
                {
                    "url": "https://www.sailpoint.com/security-advisories/"
                }
            ],
            "solutions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This issue has been resolved. No further action is needed.</span>\n\n<br>"
                        }
                    ],
                    "value": "This issue has been resolved. No further action is needed."
                }
            ],
            "source": {
                "discovery": "UNKNOWN"
            },
            "title": "SailPoint Identity Security Cloud Improper Access Control",
            "x_generator": {
                "engine": "Vulnogram 0.2.0"
            }
        },
        "adp": [
            {
                "title": "CISA ADP Vulnrichment",
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2024-3317",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-05-15T17:37:12.571138Z"
                            }
                        }
                    }
                ],
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-04T17:32:57.486Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-01T20:05:08.372Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://www.sailpoint.com/security-advisories/",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}