
SailPoint IdentityIQ has been affected by a critical vulnerability that could allow sensitive data exposure
The vulnerability, tracked as CVE-2024-10905 with a CVSS score of 10.0, stems from improper access controls within IdentityIQ. Attackers can exploit this weakness to gain unauthorized access to static content within the application directory. This could include sensitive configuration files, application code, and potentially even user data.
The vulnerability affects a wide range of IdentityIQ versions, including:
- IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2
- IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5
- IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8
- All previous versions of IdentityIQ
SailPoint has released patches to address this vulnerability for all supported versions of IdentityIQ. Organizations using any of the affected versions are strongly urged to apply these patches immediately. Future patch levels will also include the necessary fixes.
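
To triage an inventory against the patch levels listed above, the following added example (not SailPoint code and not part of the original advisory) classifies version strings as affected or fixed. It assumes versions are recorded as `<major>.<minor>` with an optional `p<level>` suffix, as in the list above; the host names and the `not-listed` and `unparseable` labels are constructed for illustration.

```python
import re

# First fixed patch level per release line, copied from the advisory's list.
FIXED_PATCH = {(8, 4): 2, (8, 3): 5, (8, 2): 8}
OLDEST_LISTED = min(FIXED_PATCH)  # (8, 2); anything older is "all previous versions"

# Assumed inventory format: "8.4", "8.4p1", "8.3 P5" (case-insensitive "p").
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*p(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Split '8.4p1' into ((8, 4), 1); a missing patch suffix means level 0."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised IdentityIQ version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor)), int(patch or 0)


def classify(text):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    release, patch = parse_version(text)
    if release in FIXED_PATCH:
        return "affected" if patch < FIXED_PATCH[release] else "fixed"
    if release < OLDEST_LISTED:
        return "affected"  # older than 8.2: covered by "all previous versions"
    return "not-listed"    # newer than 8.4: the advisory text says nothing about it


def triage(inventory):
    """Map each host to a status; bad version strings are flagged, not dropped."""
    results = {}
    for host, version in inventory.items():
        try:
            results[host] = classify(version)
        except ValueError:
            results[host] = "unparseable"
    return results


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {"iiq-prod": "8.4p1", "iiq-dr": "8.4p2", "iiq-test": "8.3",
                    "iiq-legacy": "7.3p4", "iiq-lab": "unknown"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:8} {status}")
```

Hosts reported as `unparseable` or `not-listed` need a manual check against the vendor advisory rather than being treated as safe.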
For more information, refer to the blog


