15 July 2025

CyberArk: CA25-26 – Potential disclosure of sensitive information to users with administrative privileges

Issued: July 15, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: 7.2

Third-party publication / CVE: N/A

Impact: Potential disclosure of sensitive information to users with administrative privileges

Affected products and versions:
  • Certificate Manager, Self-Hosted (formerly TLS Protect Datacenter) – All versions prior to version 25.1
  • SSH Manager for Machines (formerly SSH Protect) – All versions prior to version 25.1
  • Code Sign Manager (formerly CodeSign Protect) – All versions prior to version 25.1

* This Security Bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.

** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.

Resolution:

Upgrade to a patch version by downloading the patch from the respective link and following the instructions in our online documentation.



15 July 2025

CyberArk: CA25-25 – Potential excessive consumption of resources on the host system that can lead to a denial of service (DoS)

Issued: July 15, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: 8.7

Third-party publication / CVE: CVE-2025-30204

Impact: Potential excessive consumption of resources on the host system that can lead to a denial of service (DoS)

Affected products and versions:

  • Secrets Manager, SaaS (formerly Conjur Cloud) Edge – All versions prior to version 15.0

* This security bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.

** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.

Resolution:

Upgrade to a fixed version by downloading it from the respective link and following the instructions in our online documentation.



15 July 2025

SailPoint: IdentityIQ 8.5 New Features

New Features:

Microsoft Teams Integration: Access Request Approvals:

  • With this enhancement to IdentityIQ’s Microsoft Teams integration, approvers now have a simple way to manage access request approvals that is seamlessly integrated with Microsoft Teams, enabling them to make decisions on the go. Here are a few of the actions users can take:
    • Accept, Deny, Forward, Assign
    • View work item details
    • View policy violations

GenAI Descriptions for Entitlements:

  • Managing entitlement descriptions at scale can be overwhelming—some IdentityIQ customers have catalogs with over a million entitlements. To ease this burden, IdentityIQ 8.5 introduces a powerful new GenAI-driven feature that automatically suggests entitlement descriptions using large language models. This enhancement helps keep your catalog accurate and up-to-date with minimal effort, saving time and improving clarity across your identity landscape.

Restrict View of Sensitive Identity Attributes:

  • As organizations store more sensitive personal data in IdentityIQ, protecting that information is more important than ever. With IdentityIQ 8.5, we’re introducing the ability to restrict visibility of sensitive identity attributes—ensuring that only users with a legitimate purpose can access certain personal or confidential fields. Whether it’s PII or other sensitive identity data, this feature allows you to define exactly who can see what, with flexible configuration options.

This enhancement helps organizations enforce data privacy while still empowering users to do their jobs effectively. Affected areas include Identity Warehouse, Manage Identity, Access Reviews, and Work Items.

UX/UI Modernization and Improvements:

  • As part of our continued effort to modernize IdentityIQ and improve the user experience, IdentityIQ 8.5 includes several UI and UX enhancements:
    • Improved the Sunrise/Sunset experience with a more intuitive look and feel, and a streamlined flow for adding, removing, or changing access. In addition, the terms Sunrise/Sunset Dates have been renamed to Start/End dates for better clarity.
    • Added new filters, Role Owner and Access Type, on the Manage Access Request page to help users find relevant access more efficiently.
    • Enhanced the end user access review page by making sorting clearer and displaying the actual due date directly in the UI.
    • Made the “Show Classifications” option configurable in Entitlement Owner Certifications, allowing more flexibility based on certification needs.
    • Modernized the front-end framework from AngularJS to Angular 18 on the following pages:
      • Access Review
      • Rapid Setup
      • Login Page
      • Admin Preferences
      • API Authentication
      • Access History

Access Request Entitlement Recommendations (Coming Soon):

  • Access Request Recommendations have been expanded to include entitlements, enhancing the self-service experience with intelligent, data-driven recommendations. This improvement helps users request appropriate access more efficiently and reduces the burden on approvers by minimizing unnecessary or inappropriate requests. This feature closes the gap between role and entitlement recommendations by offering both options for self-service access requests. Recommendations eliminate guesswork by suggesting the entitlements users need to perform their job and consolidating all required access into a single request.

Further details are available from the Compass Community site: What’s New in IdentityIQ 8.5 – Compass




2 July 2025

CyberArk: CA25-24 – Potential disclosure of sensitive information as part of the PTA DR setup

Issued: July 2, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: N/A

Third-party publication / CVE: N/A

Impact: Potential disclosure of sensitive information as part of the PTA DR setup

Affected products and versions:

  • Privileged Threat Analytics, Self-Hosted – All versions prior to 14.6

* This Security Bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.

** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.

Resolution:

Upgrade to a patch version by downloading the patch from the respective link and following the instructions in our online documentation.

If a patch isn’t available for your installed version, or if you want to move to the latest available version, upgrade your component according to the upgrade version compatibility docs.
