Critical Zero-Day Flaw in SailPoint IdentityIQ Enables Full System Access

Critical Security Vulnerability in SailPoint IdentityIQ

A severe security flaw (CVE-2024-10905) with the maximum CVSS score of 10.0 has been identified in SailPoint’s IdentityIQ IAM software. The vulnerability enables unauthorized access over HTTP to protected content within the application directory.

Affected Versions:
– IdentityIQ 8.4 (prior to 8.4p2)
– IdentityIQ 8.3 (prior to 8.3p5)
– IdentityIQ 8.2 (prior to 8.2p8)
– All earlier versions

The vulnerability is classified as an improper file name handling issue (CWE-66), potentially allowing attackers to access restricted files. SailPoint has not yet released an official security advisory regarding this vulnerability.