CVE-2024-10905

CRITICAL

10.0

Description

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.

CVE Details

CVSS v3.1 Score10.0

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published12/2/2024

Last Modified11/12/2025

Sourcenvd

Honeypot Sightings0

Affected Products

sailpoint:identityiq

Weaknesses (CWE)

CWE-66

References

https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905(psirt@sailpoint.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.