CVE-2024-2227

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Mar 22, 2024
CWE ID 94

Summary

CVE-2024-2227 is a new vulnerability that allows unauthorized access to arbitrary files in the IdentityIQ application server file system. The issue results from a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 that was previously identified and addressed in CVE-2020-6950. The current security fix includes additional changes to the remediation announced in May 2021 (ETN IIQSAW-3585) and January 2024 (IIQFW-336). Those earlier remediation efforts addressed the vulnerability in JSF but failed to protect against this specific type of file access. This new vulnerability is assigned CVE-2024-2227.
