10
CVE-2024-10905
- EPSS 0.89%
- Veröffentlicht 02.12.2024 15:15:10
- Zuletzt bearbeitet 12.11.2025 15:49:07
- Quelle psirt@sailpoint.com
- CVE-Watchlists
- Unerledigt
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Sailpoint ≫ Identityiq Version < 8.2
Sailpoint ≫ Identityiq Version8.2 Update-
Sailpoint ≫ Identityiq Version8.2 Updatepatch1
Sailpoint ≫ Identityiq Version8.2 Updatepatch2
Sailpoint ≫ Identityiq Version8.2 Updatepatch4
Sailpoint ≫ Identityiq Version8.2 Updatepatch5
Sailpoint ≫ Identityiq Version8.2 Updatepatch7
Sailpoint ≫ Identityiq Version8.3 Update-
Sailpoint ≫ Identityiq Version8.3 Updatepatch1
Sailpoint ≫ Identityiq Version8.3 Updatepatch2
Sailpoint ≫ Identityiq Version8.3 Updatepatch4
Sailpoint ≫ Identityiq Version8.4 Update-
Sailpoint ≫ Identityiq Version8.4 Updatepatch1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.89% | 0.75 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@sailpoint.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-66 Improper Handling of File Names that Identify Virtual Resources
The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.