DE
DE EN
DE
DE EN
Kontakt
Anmeldung
Themen
Finanzen & Versicherung
Handel
Industrie
IT & Beratung
Tourismus
Transport
Recht
Öffentlich

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

0
Teilen:

A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory.

The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions.

IdentityIQ “allows HTTP access to static content in the IdentityIQ application directory that should be protected,” according to a description of the flaw on NIST’s National Vulnerability Database (NVD).

The vulnerability has been characterized as a case of improper handling of file names that identify virtual resources (CWE-66), which could be abused to read otherwise inaccessible files.

In an alert of its own, SailPoint said it has “released e-fixes for each impacted and supported version of IdentityIQ.” The exact list of versions impacted by CVE-2024-10905 is mentioned below –

  • 8.4 and all 8.4 patch levels prior to 8.4p2
  • 8.3 and all 8.3 patch levels prior to 8.3p5
  • 8.2 and all 8.2 patch levels prior to 8.2p8, and
  • All prior versions

The Hacker News has reached out to SailPoint for comment prior to the publication of this story and will update the piece if we hear back from the company.

Update

In response to our queries, SailPoint CISO Rex Booth shared following statement with The Hacker News –

As part of our continued commitment to transparency and security, on Monday December 2, SailPoint issued a security advisory for its Identity IQ product which was assigned CVE-2024-10905. A fix has already been released, and we’ve provided customers with guidance on how to apply it.

Publishing CVEs is a voluntary practice across the industry that demonstrates dedication to security and transparency. At SailPoint, we invest in secure development practices and strive to catch vulnerabilities prior to software release, but, as with all software, new vulnerabilities can emerge as attacker tactics and detection capabilities evolve. For this reason, we continually test our products in all stages of the development lifecycle to minimize risk to our customers. Finding and remediating vulnerabilities is a symptom of a mature security program, and a company dedicated to safeguarding the cyber ecosystem.

Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
10:24 pm, Apr. 22, 2025
Wetter-Symbol 11°C
L: 9° | H: 12°
broken clouds
Luftfeuchtigkeit: 79 %
Druck: 1016 mb
Wind: 7 mph S
Windböe: 17 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 68%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 5:49 am
Sonnenuntergang: 8:07 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Tomorrow 10:00 pm
Wetter-Symbol
9° | 12°°C 1 mm 100% 13 mph 93 % 1018 mb 0 mm/h
Do. Apr. 24 10:00 pm
Wetter-Symbol
7° | 16°°C 0.2 mm 20% 6 mph 85 % 1023 mb 0 mm/h
Fr. Apr. 25 10:00 pm
Wetter-Symbol
8° | 17°°C 0 mm 0% 9 mph 84 % 1024 mb 0 mm/h
Sa. Apr. 26 10:00 pm
Wetter-Symbol
9° | 16°°C 0.99 mm 99% 6 mph 89 % 1024 mb 0 mm/h
So. Apr. 27 10:00 pm
Wetter-Symbol
9° | 19°°C 0 mm 0% 8 mph 96 % 1025 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
10° | 10°°C 0 mm 0% 7 mph 78 % 1015 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
8° | 9°°C 1 mm 100% 9 mph 90 % 1012 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
8° | 8°°C 1 mm 100% 13 mph 93 % 1009 mb 0 mm/h
Tomorrow 10:00 am
Wetter-Symbol
10° | 10°°C 1 mm 100% 10 mph 93 % 1010 mb 0 mm/h
Tomorrow 1:00 pm
Wetter-Symbol
11° | 11°°C 0.8 mm 80% 9 mph 84 % 1012 mb 0 mm/h
Tomorrow 4:00 pm
Wetter-Symbol
11° | 11°°C 0.2 mm 20% 11 mph 72 % 1013 mb 0 mm/h
Tomorrow 7:00 pm
Wetter-Symbol
11° | 11°°C 0 mm 0% 7 mph 73 % 1015 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
9° | 9°°C 0 mm 0% 3 mph 89 % 1018 mb 0 mm/h
Wetter von OpenWeatherMap
Name Preis24H (%)
Bitcoin(BTC)
€79,638.07
4.92%
Ethereum(ETH)
€1,491.85
8.74%
Fesseln(USDT)
€0.87
0.04%
XRP(XRP)
€1.88
4.04%
Solana(SOL)
€126.50
6.55%
USDC(USDC)
€0.87
0.00%
Dogecoin(DOGE)
€0.151501
9.76%
Shiba Inu(SHIB)
€0.000011
8.29%
Pepe(PEPE)
€0.000008
10.44%
Risikomonitor
Erkennen und überwachen Sie IT-Schwachstellen mit nur einem Klick, bevor es zu spät ist.

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Nach oben scrollen