Skip to main content

Identityiq

8 CVEs product

Monthly

CVE-2026-5712 HIGH PATCH This Week

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

Authentication Bypass Identityiq
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-4857 HIGH PATCH This Week

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new IdentityIQ objects.  Until a remediating security fix or patches containing this security fix are installed, the Debug Pages Read Only capability and any custom capabilities that contain the ViewAccessDebugPage SPRight should be unassigned from all identities and workgroups.

Authentication Bypass Identityiq
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-10280 HIGH This Month

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Identityiq
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-10905 CRITICAL Act Now

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identityiq
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2228 HIGH This Week

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Identityiq
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-2227 HIGH This Week

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Identityiq
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-1714 HIGH This Week

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Identityiq
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-32217 HIGH This Week

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Identityiq
NVD
CVSS 3.1
8.8
EPSS
0.6%
EPSS 0% CVSS 8.0
HIGH PATCH This Week

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

Authentication Bypass Identityiq
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new IdentityIQ objects.  Until a remediating security fix or patches containing this security fix are installed, the Debug Pages Read Only capability and any custom capabilities that contain the ViewAccessDebugPage SPRight should be unassigned from all identities and workgroups.

Authentication Bypass Identityiq
NVD
EPSS 0% CVSS 7.1
HIGH This Month

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Identityiq
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identityiq
NVD
EPSS 0% CVSS 8.8
HIGH This Week

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Identityiq
NVD
EPSS 1% CVSS 7.5
HIGH This Week

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Identityiq
NVD
EPSS 0% CVSS 7.1
HIGH This Week

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Identityiq
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Identityiq
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy