Sailpoint Technologies Identityiq vulnerabilities

3 known vulnerabilities affecting sailpoint_technologies/identityiq.

Total CVEs

3

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2026-4857HIGHCVSS 8.4≥ 8.5, < 8.5p2≥ 8.4, < 8.4p42026-04-15

CVE-2026-4857 [HIGH] CWE-863 CVE-2026-4857: IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8 IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new IdentityIQ objects. Until a remediating security fix or patches

CVE-2025-10280MEDIUMCVSS 6.1v8.5≥ 8.4, < 8.4p4+1 more2025-11-03

CVE-2025-10280 [MEDIUM] CWE-79 CVE-2025-10280: IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 p IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a requesting browser to interpret content not properly e

CVE-2024-10905CRITICALCVSS 9.8≥ 8.2, < 8.2p8≥ 8.3, < 8.3p5+1 more2024-12-02

CVE-2024-10905 [CRITICAL] CWE-66 CVE-2024-10905: IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prio IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.