SailPoint IdentityIQ Debug UI Incorrect Authorization Vulnerability

An incorrect authorization vulnerability has been identified in SailPoint IdentityIQ versions 8.5 (all patch levels prior to 8.5p2) and 8.4 (all patch levels prior to 8.4p4). This vulnerability allows authenticated users with the Debug Pages Read Only capability or any custom capability that includes the ViewAccessDebugPageSPRight to improperly create new IdentityIQ objects. Until a security fix is applied, the Debug Pages Read Only capability and any custom capabilities containing the ViewAccessDebugPageSPRight should be removed from all identities and workgroups.

Impact

Exploitation of this vulnerability could lead to unauthorized creation of IdentityIQ objects, potentially allowing for manipulation or misuse of identity data and application functionality.

Remediation

SailPoint has released a patch for this vulnerability in the SailPoint IdentityIQ 8.5p2 and 8.4p4 versions. Users should update to these versions to address the vulnerability.