89 matches found
The vulnerability of the comprehensive solution for managing user identification, access rights, and compliance with SailPoint IdentityIQ lies in improper handling of file names. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the comprehensive solution for managing user identification, access rights, and compliance with SailPoint IdentityIQ is related to incorrect handling of file names. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibili...
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management IAM software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905 , has a CVSS score of 10.0, indicating maximum severit...
CVE-2024-10905
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
CVE-2024-10905
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
CVE-2024-10905 IdentityIQ Improper Access Control VulnerabilityIdentityIQ Improper Access Control Vulnerability
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
CVE-2024-10905
CVE-2024-10905 affects SailPoint IdentityIQ 8.2, 8.3, 8.4 and prior versions, where HTTP/HTTPS access to static content in the IdentityIQ application directory is improperly allowed. Root cause cited as improper handling of file names identifying virtual resources (CWE-66). Impact is high: potent...
CVE-2024-10905 IdentityIQ Improper Access Control VulnerabilityIdentityIQ Improper Access Control Vulnerability
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...
SailPoint IdentityIQ 安全漏洞
SailPoint IdentityIQ is a security software from SailPoint, Inc. which provides credit monitoring, identity insurance, and antivirus. A security vulnerability exists in SailPoint IdentityIQ that originates from allowing HTTP access to static content in the application catalog that should be...
PT-2024-9115
Name of the Vulnerable Software and Affected Versions: SailPoint IdentityIQ versions 8.4 and all 8.4 patch levels prior to 8.4p2 SailPoint IdentityIQ versions 8.3 and all 8.3 patch levels prior to 8.3p5 SailPoint IdentityIQ versions 8.2 and all 8.2 patch levels prior to 8.2p8 SailPoint IdentityIQ...
CVE-2024-2227
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
CVE-2024-2227
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
CVE-2024-2228 IdentityIQ Authorization of QuickLink Target Identities Vulnerability
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population...
CVE-2024-2228 IdentityIQ Authorization of QuickLink Target Identities Vulnerability
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population...
CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
CVE-2024-2227
IdentityIQ (SailPoint) is affected by a JavaServer Faces path traversal vulnerability (JSF 2.2.20) that allows reading arbitrary files from the application server filesystem. Root cause: path traversal in JSF 2.2.20, as described in CVE-2020-6950 lineage. Affected IdentityIQ versions include 8.3 ...
PT-2024-19297
Name of the Vulnerable Software and Affected Versions SailPoint IdentityIQ affected versions not specified Description The issue is a path traversal vulnerability in JavaServer Faces JSF that allows access to arbitrary files in the application server file system. This can be exploited by an...
CVE-2024-1714
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...
CVE-2024-1714
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...
Cross site request forgery (csrf)
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request...