nvd-json-data-feeds/CVE-2024/CVE-2024-109xx/CVE-2024-10905.json

{
  "id": "CVE-2024-10905",
  "sourceIdentifier": "psirt@sailpoint.com",
  "published": "2024-12-02T15:15:10.240",
  "lastModified": "2024-12-06T18:15:22.207",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions\u00a0allow HTTP/HTTPS access to\u00a0static content in the IdentityIQ application directory that should be protected."
    },
    {
      "lang": "es",
      "value": "IdentityIQ 8.4 y todos los niveles de parche 8.4 anteriores a 8.4p2, IdentityIQ 8.3 y todos los niveles de parche 8.3 anteriores a 8.3p5, IdentityIQ 8.2 y todos los niveles de parche 8.2 anteriores a 8.2p8, y todas las versiones anteriores permiten el acceso HTTP a contenido est\u00e1tico en el directorio de la aplicaci\u00f3n IdentityIQ que debe estar protegido."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@sailpoint.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@sailpoint.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-66"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905",
      "source": "psirt@sailpoint.com"
    }
  ]
}