CVE-2026-4857
SailPoint IdentityIQ Debug UI Incorrect Authorization
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
15 abr 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
IdentityIQ 8.5, all
IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ
8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug
Pages Read Only capability or any custom capability with the ViewAccessDebugPage
SPRight to incorrectly create new IdentityIQ objects. Until a remediating security fix or patches
containing this security fix are installed, the Debug Pages Read Only
capability and any custom capabilities that contain the ViewAccessDebugPage
SPRight should be unassigned from all identities and workgroups.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Productos afectados
SailPoint Technologies · IdentityIQ