SailPoint IdentityIQ Vulnerability Allows Unauthorized File Access

Critical vulnerability discovered in SailPoint’s IdentityIQ software. A severe security flaw, identified as CVE-2024-10905, has been found in SailPoint’s IdentityIQ identity and access management software, which allows unauthorized access to sensitive content within the application directory. This vulnerability, rated with a maximum CVSS score of 10.0, affects versions 8.2, 8.3, 8.4, and earlier iterations. The issue stems from improper handling of file names, potentially enabling attackers to read protected files. SailPoint has released e-fixes for all impacted versions and emphasized its commitment to security and transparency in addressing such vulnerabilities. The company continues to enhance its secure development practices to mitigate risks associated with evolving cyber threats.