8.4

CVE-2026-4857

SailPoint IdentityIQ Debug UI Incorrect Authorization

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new IdentityIQ objects. Until a remediating security fix or patches containing this security fix are installed, the Debug Pages Read Only capability and any custom capabilities that contain the ViewAccessDebugPage SPRight should be unassigned from all identities and workgroups.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: SailPoint Technologies
Product: IdentityIQ
Default status: unaffected
Version: 8.5 | Version: < 8.5p2 | Status: affected
Version: 8.4 | Version: < 8.4p4 | Status: affected

No warning was found for this CVE.

EPSS Metrics

Type | Source | Score | Percentile
EPSS | FIRST.org | 0.27% | 0.182

CVSS Metrics

Source | Base Score | Exploit Score | Impact Score | Vector String
psirt@sailpoint.com | 8.4 | 1.7 | 6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-debug-ui-incorrect-authorization-vulnerability-cve-2026-4857