A critical vulnerability (CVE-2024-10905, CVSS 10.0) in SailPoint's IdentityIQ IAM software allows unauthorized access to static content within the application directory, affecting versions 8.2, 8.3, 8.4, and earlier. The flaw, caused by improper handling of file names identifying virtual resources (CWE-66), can expose protected files. SailPoint has issued e-fixes for impacted versions, emphasizing its commitment to security and transparency while advising customers to apply the patches promptly.

‍