HomeVulnerabilityImportant SailPoint IdentityIQ Vulnerability Exposes Recordsdata to Unauthorized Entry

Important SailPoint IdentityIQ Vulnerability Exposes Recordsdata to Unauthorized Entry

A essential security vulnerability has been disclosed in SailPoint’s IdentityIQ identification and entry administration (IAM) software program that permits unauthorized entry to content material saved throughout the software listing.

The flaw, tracked as CVE-2024-10905, has a CVSS rating of 10.0, indicating most severity. It impacts IdentityIQ variations 8.2. 8.3, 8.4, and different earlier variations.

IdentityIQ “permits HTTP entry to static content material within the IdentityIQ software listing that ought to be protected,” based on an outline of the flaw on NIST’s Nationwide Vulnerability Database (NVD).

The vulnerability has been characterised as a case of improper dealing with of file names that determine digital sources (CWE-66), which might be abused to learn in any other case inaccessible information.

Cybersecurity

There are presently no different particulars accessible concerning the flaw, nor has SailPoint launched a security advisory. The precise checklist of variations impacted by CVE-2024-10905 is listed beneath –

  • 8.4 and all 8.4 patch ranges prior to eight.4p2
  • 8.3 and all 8.3 patch ranges prior to eight.3p5
  • 8.2 and all 8.2 patch ranges prior to eight.2p8, and
  • All prior variations
See also  Is China waging a cyber battle with Taiwan?

The Hacker Information has reached out to SailPoint for remark previous to the publication of this story and can replace the piece if we hear again from the corporate.

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular