Warning: SailPoint Patched A Critical Vulnerability, CVE-2024-10905, In IdentityIQ, Patch Immediately!

Published: 09/12/2024

Reference:
Advisory #2024-286

Version:
1.0

Affected software:
All versions of SailPoint IdentityIQ prior to 8.2
SailPoint IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8
SailPoint IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5
SailPoint IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2

Type:
Improper Access Control Vulnerability

CVE/CVSS:
CVE-2024-10905: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

SailPoint: https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905

Risks

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software. This vulnerability could allow attackers to access restricted files and directories, leading to potential data exposure.

The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, the maximum severity. This score was calculated and assigned by SailPoint Technologies. It affects IdentityIQ versions 8.2, 8.3, 8.4 and all earlier versions.

SailPoint released e-fixes (emergency fixes) for each impacted and supported version of IdentityIQ.

Description

The vulnerability stems from improper access controls within IdentityIQ. Vulnerable versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.

Attackers can exploit this weakness to gain unauthorized access to static content within the application directory. This could include sensitive configuration files, application code, and potentially even user data.

The vulnerability affects a wide range of IdentityIQ versions, including:

  • IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2
  • IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5
  • IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8
  • All versions of IdentityIQ prior to 8.2

Vendor Advisory: https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing the updates on vulnerable systems with the highest priority, after thorough testing.

SailPoint has released e-fixes to address this vulnerability for all supported versions of IdentityIQ. Organizations using any of the affected versions are strongly urged to apply these patches immediately.

e-fixes: https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-Improper-Access-Control-Vulnerability/ba-p/261409

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
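As an added illustration (not code from the CCB or from SailPoint), the script below checks an IdentityIQ version string against the affected and fixed patch levels listed in this advisory, and flags successful web-server requests for protected static content in the application directory. The context path /identityiq/, the combined access-log format, the WEB-INF/.properties/.xml pattern and the sample log lines are assumptions, not details from the advisory.

```python
import re
from urllib.parse import unquote

# Fixed patch levels from the advisory: 8.2p8, 8.3p5, 8.4p2.
# Every release before 8.2 is affected; release lines above 8.4 are not listed.
FIXED_PATCH = {(8, 2): 8, (8, 3): 5, (8, 4): 2}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:p(\d+))?$")

def parse_version(version):
    """'8.3p4' -> (8, 3, 4); an unpatched '8.3' counts as patch level 0."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised IdentityIQ version: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def is_vulnerable(version):
    """True = listed as affected, False = at or above the fixed level,
    None = release line not covered by the advisory."""
    major, minor, patch = parse_version(version)
    if (major, minor) < (8, 2):
        return True
    fixed = FIXED_PATCH.get((major, minor))
    return None if fixed is None else patch < fixed

# Assumptions, not from the advisory: the app is deployed under /identityiq/,
# logs are in Apache/NGINX combined format, and "protected static content"
# is modelled as anything under WEB-INF or ending in .properties/.xml.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PROTECTED_RE = re.compile(r"^/identityiq/(?:WEB-INF/|.*\.(?:properties|xml)$)", re.I)

def suspicious_requests(log_lines):
    """Return (path, status) for successful (2xx) hits on protected content."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        path = unquote(m.group("path")).split("?", 1)[0]  # decode, drop query
        status = int(m.group("status"))
        if 200 <= status < 300 and PROTECTED_RE.match(path):
            hits.append((path, status))
    return hits

# Constructed sample log lines (not real traffic): a normal page view, a
# blocked request (403, as a patched system should answer), a served one.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Dec/2024:10:00:01 +0100] "GET /identityiq/home.jsf HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Dec/2024:10:00:02 +0100] "GET /identityiq/WEB-INF/web.xml HTTP/1.1" 403 301',
    '198.51.100.7 - - [09/Dec/2024:10:00:03 +0100] "GET /identityiq/WEB%2DINF/classes/app.properties HTTP/1.1" 200 212',
]
```

Only the third request is reported: the path is URL-decoded before matching, and a 403 on protected content is the expected behaviour after the e-fix, so it is not flagged.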

References

SecurityOnline: https://securityonline.info/cve-2024-10905-cvss-10-critical-vulnerability-in-sailpoint-identityiq-exposes-sensitive-data/
TheHackerNews: https://thehackernews.com/2024/12/critical-sailpoint-identityiq.html