CVE-2024-10905

CVSS 3.1 Score 10 of 10 (high)

Details

Published Dec 2, 2024
Updated: Dec 6, 2024
CWE ID 66

Summary

CVE-2024-10905 is a vulnerability affecting IdentityIQ versions 8.4 and below, including all patch levels prior to 8.4p2, 8.3 and below, and all prior versions. The issue enables unauthorized HTTP/HTTPS access to static content in the IdentityIQ application directory, which should be protected. This vulnerability poses a significant risk as an attacker can potentially gain sensitive information or perform unintended actions. Organizations using the affected IdentityIQ versions are urged to apply the relevant patches to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share