
Description

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.

PUBLISHED Reserved 2024-11-05 | Published 2024-12-02 | Updated 2025-01-06 | Assigner SailPoint




CRITICAL: 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-66: Improper Handling of File Names that Identify Virtual Resources

Product status

Default status: affected

8.2 (semver) before 8.2p8: affected

8.3 (semver) before 8.3p5: affected

8.4 (semver) before 8.4p2: affected

References

www.sailpoint.com/...ss-control-vulnerability-cve-2024-10905

cve.org (CVE-2024-10905)

nvd.nist.gov (CVE-2024-10905)
