A severe security flaw (CVE-2024-10905) with the maximum CVSS score of 10.0 has been identified in SailPoint’s IdentityIQ IAM software. The vulnerability allows unauthorized HTTP access to protected content within the application directory.
Affected Versions:
– IdentityIQ 8.4 (prior to 8.4p2)
– IdentityIQ 8.3 (prior to 8.3p5)
– IdentityIQ 8.2 (prior to 8.2p8)
– All earlier versions
The vulnerability is classified as an improper file name handling issue (CWE-66), potentially allowing attackers to access restricted files. SailPoint has not yet released an official security advisory regarding this vulnerability.
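
A triage check built from the affected-versions list above, as an added example (not SailPoint's code and not part of the original page). It assumes version strings in the `8.4p1` style used on this page; the hostnames and inventory are constructed sample data, and release lines newer than 8.4 are reported as `not_listed` because the page makes no statement about them.

```python
import re

# First fixed patch level per release line, from the affected-versions list above.
FIXED_PATCH = {(8, 4): 2, (8, 3): 5, (8, 2): 8}
OLDEST_LISTED_LINE = min(FIXED_PATCH)  # (8, 2); anything older is "All earlier versions"

# Accepts "8.4p1", "8.4", "IdentityIQ 8.3 p5", "8.2P7". No "pN" suffix means patch 0.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\s*p(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), patch) or None if no version can be found."""
    match = _VERSION_RE.search(text or "")
    if not match:
        return None
    line = (int(match.group(1)), int(match.group(2)))
    return line, int(match.group(3) or 0)


def classify(version_text):
    """Classify one version string against CVE-2024-10905's affected ranges."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"          # unparseable: needs manual review, not a pass
    line, patch = parsed
    if line in FIXED_PATCH:
        return "affected" if patch < FIXED_PATCH[line] else "patched"
    if line < OLDEST_LISTED_LINE:
        return "affected"         # covered by "All earlier versions"
    return "not_listed"           # release line the page says nothing about


def triage(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts), e.g. exported from a CMDB.
SAMPLE_INVENTORY = {
    "iiq-prod-01": "8.4p1",
    "iiq-prod-02": "IdentityIQ 8.4p2",
    "iiq-dr-01": "8.3",
    "iiq-legacy": "7.3p4",
    "iiq-test": "not recorded",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Treat `unknown` and `not_listed` results as items to verify by hand rather than as cleared.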