cvelist/2024/10xxx/CVE-2024-10905.json

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-10905",
"ASSIGNER": "psirt@sailpoint.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP access to static content in the IdentityIQ application directory that should be protected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-66: Improper Handling of File Names that Identify Virtual Resources",
"cweId": "CWE-66"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SailPoint Technologies",
"product": {
"product_data": [
{
"product_name": "IdentityIQ",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "8.2p8",
"status": "affected",
"version": "8.2",
"versionType": "semver"
},
{
"lessThan": "8.3p5",
"status": "affected",
"version": "8.3",
"versionType": "semver"
},
{
"lessThan": "8.4p2",
"status": "affected",
"version": "8.4",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905",
"refsource": "MISC",
"name": "https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-Improper-Access-Control-Vulnerability/ba-p/261409\">https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-Improper-Access-Control-Vulnerability/...</a>"
}
],
"value": "https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-Improper-Access-Control-Vulnerability/... https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-Improper-Access-Control-Vulnerability/ba-p/261409"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}