25 July 2025

SailPoint: Identity Security Cloud Production release notes

Product and Feature enchacements:

 

Machine Identity Security:

  • Users can now opt out of the Machine Account Discovery feature by disabling it on the System Features page.

Connectivity – Jack Henry:

  • The Jack Henry connector now supports Symitar 2024.

Connectivity – Snowflake:

  • The Snowflake Connector can now aggregate database roles as entitlements. It can also assign and revoke database roles at the account level.

Identity Security Cloud – Core Access Model:

  • Standard criteria for role assignments have been enhanced as follows to provide an improved administrative experience and greater flexibility in assigning roles:
    • A Does Not Contain operator has been added for Identity and Account attribute expressions.
    • The ability to compare against a list of values in a single criteria statement has been added. For example, you could evaluate if a user’s department is EQUAL to Accounting, Finance, or Accounts Payable in a single statement.
    • The >, >=, <, and <= numeric operations have been added to account attribute expressions.
    • Issues with boolean comparisons evaluating null values as FALSE have been resolved.

 

Fixes:

 

Identity Security Cloud – Core Access Model (SAASTRIAGE-8724):

  • Fixed an issue where source attributes were not displaying on the Entitlement Details page.

Connectivity – Active Directory(CONETN-5109):

  • The Active Directory connector no longer throws an error when using a gMSA account if the same service account is being used for multi-domain or multi-forest configurations.

 

Further details available from the Compass Community site here: SaaS Release Notes – Compass

15 July 2025

CyberArk: CA25-27 – Potential authentication bypass via Identity connector synchronization

Issued: July 15, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: 8.3

Third-party publication / CVE: N/A

Impact: Potential authentication bypass via Identity connector synchronization

 

Affected products and versions

 

Product:

 

  • SSH Manager for Machines (formerly known as SSH Protect) – All versions prior to version 25.1
  • Code Signing Manager (formerly known as CodeSign Protect) – All versions prior to version 25.1
  • Certificate Manager, Self-Hosted (formerly known as TLS Protect Datacenter) – All versions prior to version 25.1

 

* This security bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed in a separate security bulletin.

 

** Relates only to versions that are within their development life. Please refer to our End-of-Life policy for details

 

Resolution

Upgrade to a patch version by downloading the patch from the respective link and following the instructions in our online documentation.

 

If a patch isn’t available for your installed version, or if you want to move to the latest available version, upgrade your component according to the upgrade version compatibility docs.

 

Want to dive deeper? Check it out here


15 July 2025

CyberArk: CA25-26 – Potential disclosure of sensitive information to users with administrative privileges

Issued: July 15, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: 7.2

Third-party publication / CVE: N/A

Impact: Potential disclosure of sensitive information to users with administrative privileges

 

Affected products and versions:
  • Certificate Manager, Self-Hosted (formerly TLS Protect Datacenter) – All versions prior to version 25.1
  • SSH Manager for Machines (formerly SSH Protect) – All versions prior to version 25.1
  • Code Sign Manager (formerly CodeSign Protect) – All versions prior to version 25.1

 

* This Security Bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.

 

** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.

 

Resolution:

Upgrade to a patch version by downloading the patch from the respective link and following the instructions in our online documentation.

 

Want to dive deeper? Check it out here


15 July 2025

CyberArk: CA25-25 – Potential excessive consumption of resources on the host system that can lead to a denial of service (DoS)

Issued: July 15, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: 8.7

Third-party publication / CVE: CVE-2025-30204

Impact: Potential excessive consumption of resources on the host system that can lead to a denial of service (DoS)
 

Affected products and versions

 

  • Secrets Manager, SaaS (formerly Conjur Cloud) Edge – All versions prior to version 15.0

* This security bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.

** Relates only to versions that are within their development life. Please refer to our End-of-Life policy for details

 

Resolution

Upgrade to a version by downloading the version from the respective link and following the instructions in our online documentation.

 

Want to dive deeper? Check it out here


1 2 3