PT-2026-33131 · Sailpoint · Identityiq

Wildwildwes · Published 2026-04-15 · Updated 2026-04-16 · CVE-2026-4857

CVSS v3.1

8.4 High

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IdentityIQ versions 8.4 through 8.4p3
IdentityIQ versions 8.5 through 8.5p1

Description

Authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight can incorrectly create new IdentityIQ objects.

Recommendations

For versions 8.4 through 8.4p3, update to version 8.4p4.
For versions 8.5 through 8.5p1, update to version 8.5p2.

As a temporary workaround, unassign the Debug Pages Read Only capability and any custom capabilities containing the ViewAccessDebugPage SPRight from all identities and workgroups.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-4857

Affected Products

Identityiq