Wildwildwes

**Name of the Vulnerable Software and Affected Versions** IdentityIQ (affected versions not specified) **Description** An authenticated identity acting as the requestor or assignee of a work item can edit a role definition without possessing the required capability for role editing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IdentityIQ versions 8.4 through 8.4p3 IdentityIQ versions 8.5 through 8.5p1 **Description** Authenticated users assigned the Debug Pages Read Only capability or any custom capability with the `ViewAccessDebugPage` SPRight can incorrectly create new IdentityIQ objects. **Recommendations** For versions 8.4 through 8.4p3, update to version 8.4p4. For versions 8.5 through 8.5p1, update to version 8.5p2. As a temporary workaround, unassign the Debug Pages Read Only capability and any custom capabilities containing the `ViewAccessDebugPage` SPRight from all identities and workgroups.