10/10 directory traversal bug hits SailPoint's IdentityIQ
Briefly

from Theregister2 months ago
The vulnerability is a perfect 10/10 severity issue in SailPoint's IdentityIQ IAM platform, identified as CVE-2024-10905, indicating a serious risk for users.
Theregisterhttps://www.theregister.com/2024/12/03/sailpoint_identityiq_vulnerability/
Directory traversal vulnerabilities, like the one found in SailPoint's IDentityIQ, allow unauthorized access to sensitive files, leading to potential system compromise.
Theregisterhttps://www.theregister.com/2024/12/03/sailpoint_identityiq_vulnerability/
CISA warns that directory traversal flaws persist due to manufacturers not treating user input as malicious, emphasizing the need for better cybersecurity practices.
Theregisterhttps://www.theregister.com/2024/12/03/sailpoint_identityiq_vulnerability/
MITRE labeled directory traversals as 'unforgivable,' noting their exploitability due to poor input sanitization in software, highlighting a critical area for security improvement.
Theregisterhttps://www.theregister.com/2024/12/03/sailpoint_identityiq_vulnerability/
Read at Theregister
#sailpoint #identity-management #cybersecurity #vulnerability-assessment #directory-traversal
[
|
]