Vulnerability Summary for the Week of December 2, 2024

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| SailPoint Technologies–IdentityIQ | IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected. | 2024-12-02 | 10 | CVE-2024-10905 |
| ABB–ASPECT-Enterprise | Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login, providing an opportunity for session takeover on a product. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-11317 |
| ABB–ASPECT-Enterprise | Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | |

This article has been indexed from Bulletins
