10

CVE-2024-10905

IdentityIQ Improper Access Control VulnerabilityIdentityIQ Improper Access Control Vulnerability

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SailpointIdentityiq Version < 8.2
SailpointIdentityiq Version8.2 Update-
SailpointIdentityiq Version8.2 Updatepatch1
SailpointIdentityiq Version8.2 Updatepatch2
SailpointIdentityiq Version8.2 Updatepatch4
SailpointIdentityiq Version8.2 Updatepatch5
SailpointIdentityiq Version8.2 Updatepatch7
SailpointIdentityiq Version8.3 Update-
SailpointIdentityiq Version8.3 Updatepatch1
SailpointIdentityiq Version8.3 Updatepatch2
SailpointIdentityiq Version8.3 Updatepatch4
SailpointIdentityiq Version8.4 Update-
SailpointIdentityiq Version8.4 Updatepatch1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.94% 0.561
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@sailpoint.com 10 3.9 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-66 Improper Handling of File Names that Identify Virtual Resources

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.

https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905
Vendor Advisory