← back
CVE-2024-10905

IdentityIQ Improper Access Control VulnerabilityIdentityIQ Improper Access Control Vulnerability

CVSS 10 CRITICALEPSS 0.9%CWE-66
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
SailPoint Technologies · IdentityIQ

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905