Critical Unauthorized File Access Vulnerability in SailPoint IdentityIQ (CVE-2024-10905)

ISGroup Cybersecurity

SailPoint IdentityIQ is a leading Identity and Access Management (IAM) software, widely used by enterprises for identity lifecycle management and regulatory compliance. With over 600 companies globally, primarily in the United States, relying on this platform to secure access and ensure compliance, any vulnerability in IdentityIQ can have significant impacts.

A critical security flaw (CVE-2024-10905) has recently been disclosed in SailPoint IdentityIQ. This vulnerability has a CVSS score of 10.0, indicating maximum severity, and exposes files in the application directory to unauthorized access via improperly handled file requests.

ProductSailPoint IdentityIQ
Date2024-12-04 10:39:43
Information
  • Trending
  • Fix Available

Technical Summary

The vulnerability is caused by improper handling of filenames that identify virtual resources (CWE-66). This flaw allows HTTP access to static content within the IdentityIQ application directory that should remain protected. Malicious actors can exploit this flaw to read sensitive files, potentially resulting in data breaches, unauthorized access to protected resources, and compliance failures.

Affected versions of SailPoint IdentityIQ include:

  • 8.4 and all patch levels prior to 8.4p2
  • 8.3 and all patch levels prior to 8.3p5
  • 8.2 and all patch levels prior to 8.2p8
  • All versions prior to 8.2

Currently, SailPoint has not yet released an official security advisory nor responded publicly to the vulnerability disclosure.

Recommendations

  1. Immediate Mitigation:

    • Restrict HTTP access to the IdentityIQ application directory using firewall rules or web server configurations to block unauthorized file access.
  2. Patch Management:

    • Update to the latest patched versions of IdentityIQ:
      • 8.4p2, 8.3p5, 8.2p8 or later.
    • If immediate patching is not possible, apply temporary workarounds recommended by your security team to isolate the application from unauthorized traffic.
  3. Monitoring and Detection:

    • Implement file integrity monitoring for the IdentityIQ application directory.
    • Analyze web server logs for unauthorized HTTP requests to sensitive file paths.

[Callforaction-THREAT-Footer]