Identity management: Top-rated security vulnerability threatens IdentityIQ

In current versions, SailPoint's developers have closed a critical vulnerability in IdentityIQ.


(Image: AFANASEV IVAN/Shutterstock.com)


Attackers can target IdentityIQ, SailPoint's identity and access management solution. If an attack succeeds, they can access areas that are supposed to be closed off.

SailPoint has not yet issued a warning about the security vulnerability. All information on the "critical" vulnerability (CVE-2024-10905) is currently based on an entry in the National Vulnerability Database (NVD) of the National Institute of Standards and Technology (NIST).

The vulnerability is rated with the highest possible CVSS score (10 out of 10). Attackers are said to be able to gain unauthorized access to data via HTTP. It is not yet clear what this means in detail or how such an attack could take place.


The entry shows that IdentityIQ 8.2, 8.3 and 8.4 are affected. The vulnerability is said to be closed in versions 8.2p8, 8.3p5 and 8.4p2. Given the critical rating, admins should not put off updating. There are currently no reports of ongoing attacks.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.