漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
SailPoint IdentityIQ Debug UI Incorrect Authorization
Vulnerability Description
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new IdentityIQ objects. Until a remediating security fix or patches containing this security fix are installed, the Debug Pages Read Only capability and any custom capabilities that contain the ViewAccessDebugPage SPRight should be unassigned from all identities and workgroups.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
SailPoint IdentityIQ 安全漏洞
Vulnerability Description
SailPoint IdentityIQ是SailPoint公司的一款安全软件。提供信用监控、身份保险和防病毒。 SailPoint IdentityIQ 8.5版本、8.5p2之前版本、8.4版本和8.4p4之前版本存在安全漏洞,该漏洞源于权限分配不当,可能导致已验证用户错误创建新IdentityIQ对象。
CVSS Information
N/A
Vulnerability Type
N/A