CVE-2024-10905

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versionsallow HTTP/HTTPS access tostatic content in the IdentityIQ application directory that should be protected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SailPointCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
sailpointidentityiq
8.2p8 <
𝑥
< 8.2p8
sailpointidentityiq
8.3p5 <
𝑥
< 8.3p5
sailpointidentityiq
8.4p2 <
𝑥
< 8.4p2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905