CVE-2024-10905

Summary

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.

Affected Software

VendorProductVersion RangeStatus
SailPoint TechnologiesIdentityIQ8.2 < 8.2p8affected
SailPoint TechnologiesIdentityIQ8.3 < 8.3p5affected
SailPoint TechnologiesIdentityIQ8.4 < 8.4p2affected

Weaknesses

  • CWE-66: CWE-66: Improper Handling of File Names that Identify Virtual Resources

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References