📄 Description (English)
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.
🤖 AI Executive Summary
CVE-2026-5712 is a privilege escalation vulnerability in SailPoint IdentityIQ affecting all versions through 8.5 patch 1. An authenticated user who is a requestor or assignee of a work item can bypass role-based access controls to edit role definitions without proper authorization. With a CVSS score of 8.0 and no patch currently available, this poses significant risk to identity and access management infrastructure across Saudi organizations.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 5, 2026 19:30
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability directly impacts Saudi banking sector (SAMA-regulated institutions, major banks using IdentityIQ for IAM), government agencies (NCA, CITC, Ministry of Interior), healthcare organizations (MOH, private hospitals), energy sector (ARAMCO, downstream companies), and telecommunications (STC, Mobily). The ability to edit role definitions without authorization enables privilege escalation, unauthorized access to sensitive systems, compliance violations, and potential data breaches affecting critical national infrastructure.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities
Telecommunications
Insurance
Large Enterprises with IAM infrastructure
🎯 MITRE ATT&CK Techniques
T1548 - Abuse Elevation Control Mechanism
T1548.002 - Abuse Elevation Control Mechanism: Bypass User Account Control
T1078 - Valid Accounts
T1078.001 - Valid Accounts: Default Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1098.003 - Account Manipulation: Additional Cloud Roles
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all IdentityIQ deployments and document versions (8.3, 8.4, 8.5 and patches)
2. Restrict access to work item management interfaces to authorized personnel only
3. Implement additional monitoring on role definition changes
4. Review audit logs for unauthorized role modifications in the past 90 days
COMPENSATING CONTROLS (until patch available):
5. Implement network segmentation to limit access to IdentityIQ administrative interfaces
6. Enable enhanced logging and alerting for role definition modifications
7. Require multi-factor authentication for all IdentityIQ administrative accounts
8. Conduct quarterly access reviews of work item requestors and assignees
9. Implement role-based access control at the application layer with additional validation
DETECTION RULES:
10. Alert on any role definition changes initiated by non-administrative accounts
11. Monitor for work item status changes followed by role modifications
12. Track API calls to role definition endpoints from unexpected sources
13. Flag accounts with requestor/assignee status attempting role edits
PATCHING:
14. Subscribe to SailPoint security advisories for patch availability
15. Prepare change management procedures for emergency patching once available
16. Test patches in non-production environments before deployment
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حصر جميع نشرات IdentityIQ وتوثيق الإصدارات (8.3، 8.4، 8.5 والتصحيحات)
2. تقييد الوصول إلى واجهات إدارة عناصر العمل للموظفين المصرح لهم فقط
3. تنفيذ مراقبة إضافية على تغييرات تعريف الأدوار
4. مراجعة سجلات التدقيق للتعديلات غير المصرح بها على الأدوار في آخر 90 يوماً
عناصر التحكم التعويضية (حتى توفر التصحيح):
5. تنفيذ تقسيم الشبكة لتحديد الوصول إلى واجهات إدارة IdentityIQ
6. تفعيل السجلات المحسنة والتنبيهات لتعديلات تعريف الأدوار
7. طلب المصادقة متعددة العوامل لجميع حسابات IdentityIQ الإدارية
8. إجراء مراجعات وصول ربع سنوية لطالبي عناصر العمل والمسؤولين عنها
9. تنفيذ التحكم في الوصول المستند إلى الأدوار على مستوى التطبيق مع التحقق الإضافي
قواعد الكشف:
10. تنبيه على أي تغييرات في تعريف الأدوار التي يبدأها حسابات غير إدارية
11. مراقبة تغييرات حالة عناصر العمل متبوعة بتعديلات الأدوار
12. تتبع استدعاءات API لنقاط نهاية تعريف الأدوار من مصادر غير متوقعة
13. وضع علامة على الحسابات ذات حالة الطالب/المسؤول التي تحاول تعديل الأدوار
التصحيح:
14. الاشتراك في تنبيهات أمان SailPoint لتوفر التصحيحات
15. تحضير إجراءات إدارة التغيير للتصحيح الطارئ عند توفره
16. اختبار التصحيحات في بيئات غير الإنتاج قبل النشر
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.9.1.1 - Access control policy and procedures
ECC 2024 A.9.2.1 - User registration and de-registration
ECC 2024 A.9.2.5 - Access rights review
ECC 2024 A.9.4.3 - Password management
ECC 2024 A.12.4.1 - Event logging
ECC 2024 A.12.4.3 - Administrator and operator logs
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management
SAMA CSF PR.AC-1 - Access Control Policy
SAMA CSF PR.AC-3 - Access Enforcement
SAMA CSF DE.CM-1 - System Monitoring
SAMA CSF DE.AE-1 - Audit Logging
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access Control
ISO 27001:2022 A.8.2 - Privileged Access Rights
ISO 27001:2022 A.8.3 - Information Access Restriction
ISO 27001:2022 A.12.4.1 - Event Logging
ISO 27001:2022 A.12.4.3 - Administrator and Operator Logs
🟣 PCI DSS v4.0.1
PCI DSS 7.1 - Limit access to system components
PCI DSS 8.2 - Ensure proper user identification
PCI DSS 10.2 - Implement automated audit trails
📦 Affected Products / CPE 10 entries
sailpoint:identityiq
sailpoint:identityiq:8.3
sailpoint:identityiq:8.3
sailpoint:identityiq:8.3
sailpoint:identityiq:8.3
sailpoint:identityiq:8.4
sailpoint:identityiq:8.4
sailpoint:identityiq:8.4
sailpoint:identityiq:8.5
sailpoint:identityiq:8.5