CVE-2024-10905
📋 TL;DR
This vulnerability allows unauthenticated attackers to access sensitive static content within IdentityIQ application directories via HTTP/HTTPS. It affects IdentityIQ versions 8.4 (prior to 8.4p2), 8.3 (prior to 8.3p5), 8.2 (prior to 8.2p8), and all earlier versions. The improper access control exposes files that should be protected.
💻 Affected Systems
- SailPoint IdentityIQ
📦 What is this software?
IdentityIQ by SailPoint
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive configuration files, credentials, or proprietary data, leading to complete system compromise and data exfiltration.
Likely Case
Unauthorized access to application files containing sensitive information like configuration details, logs, or temporary files.
If Mitigated
Limited exposure of non-critical static files with no sensitive data accessible.
🎯 Exploit Status
Exploitation requires only HTTP/HTTPS access to the IdentityIQ application; no authentication or special tools needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: IdentityIQ 8.2p8, 8.3p5, or 8.4p2
Vendor Advisory: https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905
Restart Required: Yes
Instructions:
1. Download the appropriate patch from the SailPoint support portal.
2. Apply the patch according to SailPoint documentation.
3. Restart IdentityIQ services.
4. Verify that access controls are properly enforced.
🔧 Temporary Workarounds
Web Server Access Control
Configure the web server (Tomcat) to restrict access to static content directories
Modify Tomcat web.xml to add security constraints for /identityiq/* paths
Network Segmentation
Restrict network access to IdentityIQ HTTP/HTTPS ports
Configure firewall rules to limit access to IdentityIQ ports (8080, 8443) to trusted networks only
🧯 If You Can't Patch
- Implement strict network access controls to limit HTTP/HTTPS access to IdentityIQ
- Monitor access logs for unauthorized attempts to access static content directories
🔍 How to Verify
Check if Vulnerable:
Attempt to access static content via HTTP/HTTPS (e.g., http://[identityiq-server]/identityiq/static/) and check if files are accessible without authentication.
Check Version:
Check IdentityIQ version via admin console or review installation logs
Verify Fix Applied:
After patching, attempt the same access and verify files are no longer accessible without proper authentication.
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses to static content requests without authentication
- Unusual access patterns to /identityiq/static/ paths
Network Indicators:
- HTTP GET requests to static content directories from unauthorized sources
SIEM Query:
source="identityiq" AND (uri_path="/identityiq/static/*" OR uri_path="/identityiq/*.jsp") AND http_status=200 AND NOT user_agent="internal-monitoring"
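The log indicators above, applied to Tomcat access logs, as an added example that is not part of this advisory: it parses lines in Tomcat's "common" access-log pattern, keeps HTTP 200 responses under /identityiq/static/ that carry no remote user and do not come from a trusted network, and groups them by source address so unusual access patterns stand out. The sample log lines, the file names under /identityiq/static/, the trusted-network prefix and the use of the remote-user field as an authentication signal are all assumptions.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample log lines (not real traffic); the file names under
# /identityiq/static/ are placeholders, not known IdentityIQ file names.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Dec/2024:14:02:11 +0000] "GET /identityiq/static/ HTTP/1.1" 200 512
203.0.113.10 - - [10/Dec/2024:14:02:12 +0000] "GET /identityiq/static/dir-a/file1.txt HTTP/1.1" 200 2048
198.51.100.7 - jdoe [10/Dec/2024:14:03:01 +0000] "GET /identityiq/static/img/logo.png HTTP/1.1" 200 9001
203.0.113.10 - - [10/Dec/2024:14:03:20 +0000] "GET /identityiq/login.jsf HTTP/1.1" 200 3000
203.0.113.22 - - [10/Dec/2024:14:04:00 +0000] "GET /identityiq/static/dir-b/file2.txt HTTP/1.1" 404 128
10.0.0.5 - - [10/Dec/2024:14:05:00 +0000] "GET /identityiq/static/dir-a/file1.txt HTTP/1.1" 200 2048
"""

WATCHED_PREFIX = "/identityiq/static/"


def flag_static_hits(log_text, trusted_prefixes=("10.",)):
    """Return {source_ip: [paths]} for HTTP 200 responses under WATCHED_PREFIX
    with no remote user and a source outside the trusted prefixes (assumption:
    a remote user of "-" is treated as unauthenticated; tune per deployment)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not in the expected access-log format
        if m["status"] != "200":
            continue                      # only successful responses show exposure
        if not m["path"].startswith(WATCHED_PREFIX):
            continue                      # only the static content directories
        if m["user"] != "-":
            continue                      # authenticated according to the log
        if m["ip"].startswith(trusted_prefixes):
            continue                      # trusted network / internal monitoring
        hits[m["ip"]].append(m["path"])
    return dict(hits)


if __name__ == "__main__":
    for ip, paths in flag_static_hits(SAMPLE_LOG).items():
        print(f"{ip}: {len(paths)} unauthenticated static hit(s) -> {paths}")
```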