CVE-2024-2227

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Mar 22, 2024

CWE ID 94

Summary

CVE-2024-2227 is a new vulnerability that allows unauthorized access to arbitrary files in the IdentityIQ application server file system. This issue is a result of a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20, which was previously identified and addressed in CVE-2020-6950. The current security fix includes additional changes to the remediation announced in May 2021 (ETN IIQSAW-3585) and January 2024 (IIQFW-336). Previously, these remediation efforts had addressed the vulnerability in JSF, but failed to protect against this specific type of file access. This new vulnerability is assigned CVE-2024-2227.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uExvNo
https://www.cve.org/CVERecord?id=CVE-2024-2227
https://nvd.nist.gov/vuln/detail/CVE-2024-2227

Back to Vulnerability Database

CVE-2024-2227

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations