CVE-2026-4857

HIGH

8.4

Descricao

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new IdentityIQ objects. Until a remediating security fix or patches containing this security fix are installed, the Debug Pages Read Only capability and any custom capabilities that contain the ViewAccessDebugPage SPRight should be unassigned from all identities and workgroups.

Detalhes CVE

Pontuacao CVSS v3.18.4

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosHIGH

Interacao do usuarioREQUIRED

Publicado4/15/2026

Ultima modificacao4/17/2026

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-863

Referencias

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-debug-ui-incorrect-authorization-vulnerability-cve-2026-4857(psirt@sailpoint.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.