A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory.
The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2, 8.3, 8.4, and other previous versions.
IdentityIQ "allows HTTP access to static content in the IdentityIQ application directory that should be protected," according to a description of the flaw on NIST's National Vulnerability Database (NVD).
The vulnerability has been characterized as a case of improper handling of file names that identify virtual resources (CWE-66), which could be abused to read otherwise inaccessible files.
There are currently no other details available about the flaw, nor has SailPoint released a security advisory. The exact list of versions impacted by CVE-2024-10905 is listed below:
- 8.4 and all 8.4 patch levels prior to 8.4p2
- 8.3 and all 8.3 patch levels prior to 8.3p5
- 8.2 and all 8.2 patch levels prior to 8.2p8, and
- All prior versions
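A version check built from the list above, as an added example (not code from SailPoint or from the original article). It assumes version strings take the `8.4p2` form used in the list, with a bare `8.4` meaning no patch applied; the host names in the sample inventory are constructed.

```python
import re

# First fixed patch level per release line, taken from the list above.
FIRST_FIXED_PATCH = {(8, 4): 2, (8, 3): 5, (8, 2): 8}
OLDEST_LISTED = min(FIRST_FIXED_PATCH)

# Assumed input form: "8.4" (no patch applied) or "8.4p2" (patch level 2).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:p(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Split a version string into ((major, minor), patch_level)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised IdentityIQ version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor)), int(patch or 0)


def cve_2024_10905_status(text):
    """Return 'affected', 'fixed' or 'not listed' for one version string."""
    line, patch = parse_version(text)
    if line in FIRST_FIXED_PATCH:
        return "affected" if patch < FIRST_FIXED_PATCH[line] else "fixed"
    if line < OLDEST_LISTED:
        return "affected"  # covered by "all prior versions"
    return "not listed"    # release lines the list does not mention


def triage(inventory):
    """Map {host: version} to {host: status}; bad strings become 'unparsed'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = cve_2024_10905_status(version)
        except ValueError:
            result[host] = "unparsed"  # needs manual review
    return result


if __name__ == "__main__":
    # Constructed sample inventory with hypothetical host names.
    sample = {"iiq-prod": "8.4p1", "iiq-dr": "8.4p2", "iiq-test": "8.3",
              "iiq-legacy": "8.1p7", "iiq-lab": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

A result of `not listed` or `unparsed` means the list gives no answer for that host, not that the host is safe.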
The Hacker News has reached out to SailPoint for comment prior to the publication of this story and will update the piece if we hear back from the company.