Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory.

The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions.

IdentityIQ “allows HTTP access to static content in the IdentityIQ application directory that should be protected,” according to a description of the flaw on NIST’s National Vulnerability Database (NVD).

The vulnerability has been characterized as a case of improper handling of file names that identify virtual resources (CWE-66), which could be abused to read otherwise inaccessible files.

In an alert of its own, SailPoint said it has “released e-fixes for each impacted and supported version of IdentityIQ.” The exact list of versions impacted by CVE-2024-10905 is mentioned below –

8.4 and all 8.4 patch levels prior to 8.4p2
8.3 and all 8.3 patch levels prior to 8.3p5
8.2 and all 8.2 patch levels prior to 8.2p8, and
All prior versions

The Hacker News has reached out to SailPoint for comment prior to the publication of this story and will update the piece if we hear back from the company.

Update

In response to our queries, SailPoint CISO Rex Booth shared following statement with The Hacker News –

As part of our continued commitment to transparency and security, on Monday December 2, SailPoint issued a security advisory for its Identity IQ product which was assigned CVE-2024-10905. A fix has already been released, and we’ve provided customers with guidance on how to apply it.

Publishing CVEs is a voluntary practice across the industry that demonstrates dedication to security and transparency. At SailPoint, we invest in secure development practices and strive to catch vulnerabilities prior to software release, but, as with all software, new vulnerabilities can emerge as attacker tactics and detection capabilities evolve. For this reason, we continually test our products in all stages of the development lifecycle to minimize risk to our customers. Finding and remediating vulnerabilities is a symptom of a mature security program, and a company dedicated to safeguarding the cyber ecosystem.

Source

Leave a Comment Cancel Reply

London, GB

11:19 am, Jul 11, 2025

28°C

L: 26° | H: 30°

Feels like 28°C° few clouds

Humidity: 44 %

Pressure: 1021 mb

Wind: 3 mph SSE

Wind Gust: 9 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 13%

Rain Chance: 0%

Visibility: 10 km

Sunrise: 4:56 am

Sunset: 9:15 pm

DailyHourly

Daily ForecastHourly Forecast

Today 10:00 pm

26° | 30°°C 0 mm 0% 8 mph 47 % 1021 mb 0 mm/h

Tomorrow 10:00 pm

18° | 30°°C 0 mm 0% 9 mph 65 % 1018 mb 0 mm/h

Sun Jul 13 10:00 pm

17° | 27°°C 0 mm 0% 7 mph 73 % 1014 mb 0 mm/h

Mon Jul 14 10:00 pm

20° | 29°°C 0 mm 0% 14 mph 71 % 1017 mb 0 mm/h

Tue Jul 15 10:00 pm

15° | 27°°C 0 mm 0% 13 mph 71 % 1021 mb 0 mm/h

Today 1:00 pm

29° | 29°°C 0 mm 0% 3 mph 41 % 1021 mb 0 mm/h

Today 4:00 pm

30° | 31°°C 0 mm 0% 5 mph 34 % 1019 mb 0 mm/h

Today 7:00 pm

28° | 28°°C 0 mm 0% 5 mph 28 % 1017 mb 0 mm/h

Today 10:00 pm

22° | 22°°C 0 mm 0% 8 mph 47 % 1019 mb 0 mm/h

Tomorrow 1:00 am

18° | 18°°C 0 mm 0% 4 mph 55 % 1018 mb 0 mm/h

Tomorrow 4:00 am

19° | 19°°C 0 mm 0% 4 mph 65 % 1018 mb 0 mm/h

Tomorrow 7:00 am

19° | 19°°C 0 mm 0% 6 mph 64 % 1018 mb 0 mm/h

Tomorrow 10:00 am

24° | 24°°C 0 mm 0% 6 mph 45 % 1017 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€101,139.88	6.59%
Ethereum(ETH)	€2,571.95	8.45%
Tether(USDT)	€0.85	0.01%
XRP(XRP)	€2.24	7.60%
Solana(SOL)	€140.51	4.38%
USDC(USDC)	€0.85	0.01%
Dogecoin(DOGE)	€0.170312	10.25%
Shiba Inu(SHIB)	€0.000011	7.93%
Pepe(PEPE)	€0.000011	15.70%
Peanut the Squirrel(PNUT)	€0.246894	20.17%

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Share:

Update

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us