Note: This Emerging Threat is also published in the new Fortra Security & Trust Center - the new location for all Emerging Threats beginning in January 2025. Refer to Emerging Threats Moving to Fortra.com for more information on following Emerging Threats in their new location.
Fortra is actively researching an improper access control vulnerability in SailPoint’s IdentityIQ – CVE-2024-10905. This vulnerability could allow unauthorized HTTP access to static content in the IdentityIQ application directory. SailPoint has released fixes for this vulnerability, which customers should apply as soon as possible.
Who is affected?
The following versions of IdentityIQ are affected:
- IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2
- IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5
- IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8
- All previous versions of IdentityIQ
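The affected-version list above can be turned into an inventory triage check. This is an added example, not code from Fortra or SailPoint; the version string format (`8.4p1`, optionally prefixed with `IdentityIQ`) and the sample inventory are assumptions constructed for illustration.

```python
import re

# First patch level per branch that the list above does not name as affected.
FIRST_UNAFFECTED_PATCH = {(8, 4): 2, (8, 3): 5, (8, 2): 8}
OLDEST_LISTED = min(FIRST_UNAFFECTED_PATCH)  # (8, 2)

# Assumed formats: "8.4", "8.4p1", "IdentityIQ 8.3p5"
_VERSION_RE = re.compile(r"(?:identityiq\s+)?(\d+)\.(\d+)(?:p(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), patch), or None if the string is not recognised."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        return None
    patch = int(m.group(3)) if m.group(3) else 0  # no suffix = base release
    return (int(m.group(1)), int(m.group(2))), patch


def triage(text):
    """Classify a version string as 'affected', 'not_affected' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    branch, patch = parsed
    if branch in FIRST_UNAFFECTED_PATCH:
        return "affected" if patch < FIRST_UNAFFECTED_PATCH[branch] else "not_affected"
    if branch < OLDEST_LISTED:
        return "affected"  # "All previous versions of IdentityIQ"
    # Branches the list does not mention (e.g. newer than 8.4): the advisory
    # makes no statement, so never report them as safe.
    return "unknown"


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "iiq-prod-01": "8.4p1",
    "iiq-prod-02": "IdentityIQ 8.3p5",
    "iiq-legacy": "8.1p7",
    "iiq-lab": "8.5",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked against SailPoint's security advisory directly rather than assumed safe.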
What can I do?
SailPoint has released fixes for each impacted and supported version of IdentityIQ. Customers should apply the appropriate fixes as soon as possible.
For a link to the fixes, refer to SailPoint’s security advisory.
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.