CVE-2024-10905
EUVD-2024-3354602.12.2024, 15:15
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sailpoint | identityiq | 𝑥 < 8.2 |
| sailpoint | identityiq | 8.2 |
| sailpoint | identityiq | 8.2:patch1 |
| sailpoint | identityiq | 8.2:patch2 |
| sailpoint | identityiq | 8.2:patch4 |
| sailpoint | identityiq | 8.2:patch5 |
| sailpoint | identityiq | 8.2:patch7 |
| sailpoint | identityiq | 8.3 |
| sailpoint | identityiq | 8.3:patch1 |
| sailpoint | identityiq | 8.3:patch2 |
| sailpoint | identityiq | 8.3:patch4 |
| sailpoint | identityiq | 8.4 |
| sailpoint | identityiq | 8.4:patch1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| sailpoint | identityiq | 8.2 ≤ 𝑥 < 8.2p8 | ADP |
| sailpoint | identityiq | 8.3 ≤ 𝑥 < 8.3p5 | ADP |
| sailpoint | identityiq | 8.4 ≤ 𝑥 < 8.4p2 | ADP |