CVE-2024-10905

IdentityIQ Improper Access Control VulnerabilityIdentityIQ Improper Access Control Vulnerability

CVSS 10 CRITICALEPSS 0.9%CWE-66

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

SailPoint Technologies · IdentityIQ

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905