Lucene search
K

89 matches found

BDU FSTEC
BDU FSTEC
added 2024/12/05 12:0 a.m.6 views

The vulnerability of the comprehensive solution for managing user identification, access rights, and compliance with SailPoint IdentityIQ lies in improper handling of file names. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the comprehensive solution for managing user identification, access rights, and compliance with SailPoint IdentityIQ is related to incorrect handling of file names. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibili...

10CVSS8.1AI score0.00954EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2024/12/04 5:8 a.m.19 views

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management IAM software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905 , has a CVSS score of 10.0, indicating maximum severit...

10CVSS9.3AI score0.00954EPSS
Exploits0
OSV
OSV
added 2024/12/02 3:15 p.m.3 views

CVE-2024-10905

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...

9.8CVSS5.8AI score0.00954EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 3:15 p.m.51 views

CVE-2024-10905

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...

10CVSS0.00954EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/02 2:49 p.m.75 views

CVE-2024-10905 IdentityIQ Improper Access Control VulnerabilityIdentityIQ Improper Access Control Vulnerability

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...

10CVSS9.5AI score0.00954EPSS
Exploits0References1
CVE
CVE
added 2024/12/02 2:49 p.m.277 views

CVE-2024-10905

CVE-2024-10905 affects SailPoint IdentityIQ 8.2, 8.3, 8.4 and prior versions, where HTTP/HTTPS access to static content in the IdentityIQ application directory is improperly allowed. Root cause cited as improper handling of file names identifying virtual resources (CWE-66). Impact is high: potent...

10CVSS9.5AI score0.00954EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/12/02 2:49 p.m.82 views

CVE-2024-10905 IdentityIQ Improper Access Control VulnerabilityIdentityIQ Improper Access Control Vulnerability

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...

10CVSS0.00954EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/02 12:0 a.m.4 views

SailPoint IdentityIQ 安全漏洞

SailPoint IdentityIQ is a security software from SailPoint, Inc. which provides credit monitoring, identity insurance, and antivirus. A security vulnerability exists in SailPoint IdentityIQ that originates from allowing HTTP access to static content in the application catalog that should be...

10CVSS9AI score0.00954EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/11 12:0 a.m.4 views

PT-2024-9115

Name of the Vulnerable Software and Affected Versions: SailPoint IdentityIQ versions 8.4 and all 8.4 patch levels prior to 8.4p2 SailPoint IdentityIQ versions 8.3 and all 8.3 patch levels prior to 8.3p5 SailPoint IdentityIQ versions 8.2 and all 8.2 patch levels prior to 8.2p8 SailPoint IdentityIQ...

10CVSS9.2AI score0.00954EPSS
Exploits0References34
OSV
OSV
added 2024/03/22 4:15 p.m.5 views

CVE-2024-2227

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...

7.5CVSS5.9AI score0.0078EPSS
Exploits0References1
NVD
NVD
added 2024/03/22 4:15 p.m.36 views

CVE-2024-2227

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...

10CVSS7.4AI score0.0078EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/22 3:50 p.m.16 views

CVE-2024-2228 IdentityIQ Authorization of QuickLink Target Identities Vulnerability

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population...

7.1CVSS6.7AI score0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/22 3:50 p.m.19 views

CVE-2024-2228 IdentityIQ Authorization of QuickLink Target Identities Vulnerability

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population...

7.1CVSS7AI score0.00387EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/22 3:43 p.m.45 views

CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...

10CVSS8.1AI score0.0078EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/22 3:43 p.m.61 views

CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...

10CVSS6.8AI score0.0078EPSS
Exploits0References1
CVE
CVE
added 2024/03/22 3:43 p.m.187 views

CVE-2024-2227

IdentityIQ (SailPoint) is affected by a JavaServer Faces path traversal vulnerability (JSF 2.2.20) that allows reading arbitrary files from the application server filesystem. Root cause: path traversal in JSF 2.2.20, as described in CVE-2020-6950 lineage. Affected IdentityIQ versions include 8.3 ...

10CVSS7.1AI score0.0078EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.7 views

PT-2024-19297

Name of the Vulnerable Software and Affected Versions SailPoint IdentityIQ affected versions not specified Description The issue is a path traversal vulnerability in JavaServer Faces JSF that allows access to arbitrary files in the application server file system. This can be exploited by an...

10CVSS6.7AI score0.0078EPSS
Exploits0References9
OSV
OSV
added 2024/02/21 5:15 p.m.4 views

CVE-2024-1714

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...

7.1CVSS5.8AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2024/02/21 5:15 p.m.18 views

CVE-2024-1714

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...

7.1CVSS6.8AI score0.00344EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 5:15 p.m.16 views

Cross site request forgery (csrf)

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...

4.6CVSS6.8AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder