PT-2024-9115 · Sailpoint · Sailpoint Identityiq

Published: 2024-05-11 · Updated: 2025-11-12 · CVE-2024-10905

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SailPoint IdentityIQ versions 8.4 and all 8.4 patch levels prior to 8.4p2; SailPoint IdentityIQ versions 8.3 and all 8.3 patch levels prior to 8.3p5; SailPoint IdentityIQ versions 8.2 and all 8.2 patch levels prior to 8.2p8; SailPoint IdentityIQ versions prior to 8.2.
Description: The issue is related to improper handling of file names, allowing unauthorized access to static content within the application directory. This could include sensitive configuration files, application code, and other data. The vulnerability has a high severity score and poses a significant threat to organizations relying on IdentityIQ for identity and access management. It is crucial to apply patches or mitigations immediately to prevent unauthorized access to sensitive data.
Recommendations: For SailPoint IdentityIQ versions 8.4 and all 8.4 patch levels prior to 8.4p2, update to version 8.4p2 or later. For SailPoint IdentityIQ versions 8.3 and all 8.3 patch levels prior to 8.3p5, update to version 8.3p5 or later. For SailPoint IdentityIQ versions 8.2 and all 8.2 patch levels prior to 8.2p8, update to version 8.2p8 or later. For SailPoint IdentityIQ versions prior to 8.2, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to the application directory to minimize the risk of exploitation. Implement strong access controls and regularly review user permissions to prevent unauthorized access. Monitor for any unusual access patterns or unauthorized activities within the application.
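The affected-version ranges and update targets above can be applied to an asset inventory. The following triage helper is an added example, not part of the advisory or of SailPoint's tooling; it assumes version strings are recorded in the `8.3p4` form used in this entry, and the host names are constructed sample data.

```python
import re

# Fixed patch level per release line, taken from the advisory text above.
FIXED_PATCH = {(8, 4): 2, (8, 3): 5, (8, 2): 8}

# Assumed inventory format: "<major>.<minor>" optionally followed by "p<N>".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:p(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Parse '8.3p4' into (8, 3, 4); a missing patch level counts as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(text):
    """Return (status, action); status is 'affected', 'fixed' or 'unknown'."""
    try:
        major, minor, patch = parse_version(text)
    except ValueError:
        return "unknown", "unparseable version string, check manually"
    line = (major, minor)
    if line < (8, 2):
        return "affected", "update to a newer version that includes the fix"
    if line in FIXED_PATCH:
        fixed = FIXED_PATCH[line]
        if patch < fixed:
            return "affected", f"update to {major}.{minor}p{fixed} or later"
        return "fixed", "none"
    # Release lines the advisory does not mention are not guessed at.
    return "unknown", "release line not listed in the advisory"


def triage_inventory(inventory):
    """Map each host to its (status, action) pair."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts).
SAMPLE = {"iiq-prod": "8.3p4", "iiq-test": "8.4p2", "iiq-old": "8.1p7", "iiq-lab": "8.4"}

if __name__ == "__main__":
    for host, (status, action) in triage_inventory(SAMPLE).items():
        print(f"{host:10} {SAMPLE[host]:7} {status:9} {action}")
```

Hosts reported as `unknown` need manual review, since this entry makes no statement about release lines other than those listed.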

Related Identifiers

BDU:2024-10801
CVE-2024-10905

Affected Products

Sailpoint Identityiq