CVE-2024-10905

Critical

Published: 02 December 2024

Modified: 12 November 2025
KEV Added
Patch
CVSS Score v3.1: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0131 (80.2th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-10905 is a critical-severity Improper Handling of File Names that Identify Virtual Resources (CWE-66) vulnerability in SailPoint IdentityIQ. Its CVSS base score is 10.0 (Critical).

Operationally, it is ranked in the top 19.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sailpoint
identityiq
8.2, 8.3, 8.4 · ≤ 8.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References