Static Content Exposure in SailPoint’s IdentityIQ: A Security Concern
CVE-2024-10905
Key Information:
- Vendor: SailPoint Technologies
- Status
- Vendor
- CVE Published: 2 December 2024
What is CVE-2024-10905?
CVE-2024-10905 is a critical vulnerability in SailPoint's IdentityIQ with the maximum CVSS score of 10.0. It allows unauthorized access to content stored within the application directory and affects versions 8.2, 8.3, and 8.4, as well as previous versions. The vulnerability is due to improper handling of file names that identify virtual resources. No security advisory or further details are available at this time. SailPoint has been contacted for comment, but there are currently no known exploitations of this vulnerability in the wild by ransomware groups.
Affected Version(s)
IdentityIQ 8.2
IdentityIQ 8.2 < 8.2p8
IdentityIQ 8.3 < 8.3p5
News Articles

Salt Typhoon breached at least eight US telecoms. Russia's Secret Blizzard exploits Pakistani APT's infrastructure.
Earth Minotaur targets Tibetan and Uyghur communities with mobile phishing attacks.

Large US organization breached by China-based hackers. Nebraska man pleads guilty to cryptojacking operation.
Russian bank reportedly disrupted by DDoS attack. SailPoint issues advisory for critical flaw.
Critical Vulnerability Discovered in SailPoint IdentityIQ
A critical directory traversal vulnerability in the SailPoint IdentityIQ IAM platform exposes restricted files to attackers.
Timeline
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 📰 First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved