CVE-2026-4857
SailPoint IdentityIQ Debug UI Incorrect Authorization
IdentityIQ 8.5, all
IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ
8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug
Pages Read Only capability or any custom capability with the ViewAccessDebugPage
SPRight to incorrectly create new IdentityIQ objects. Until a remediating security fix or patches
containing this security fix are installed, the Debug Pages Read Only
capability and any custom capabilities that contain the ViewAccessDebugPage
SPRight should be unassigned from all identities and workgroups.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Productos afectados
SailPoint Technologies · IdentityIQ¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →