A critical vulnerability was identified in which unauthorized users could access other users' sensitive approval data by requesting a specific REST API URL directly. When the URL is accessed, the system returns the user information in JSON format instead of enforcing proper access control.
Example Vulnerable URL: https://[HOSTNAME]/sigma/rest/protected/request/history/PERM/[ID]/[ID]?v=[TIMESTAMP]
Identity Suite (Identity Portal) 14.5.1, SiteMinder 12.8.6
The engineering team provided a fix for this issue under defect DE669127. If you face the same issue, please create a support ticket and request the fix.
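To triage exposure before the fix is applied, the following added example (not vendor code and not part of the original article) scans web access logs for successful reads of the history URL shown above and lists users who read more distinct resources than a threshold. The log layout (combined format with the authenticated user in the third field), the threshold and the sample lines are assumptions.

```python
import re
from collections import defaultdict

# Assumed log layout: "combined" format with the authenticated user in the
# third field. Adjust LOG_RE to the web tier actually fronting the portal.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')
# Path shape taken from the example URL in this article; the IDs are opaque here.
HISTORY_RE = re.compile(
    r'/sigma/rest/protected/request/history/PERM/([^/?]+)/([^/?]+)')

def history_reads_by_user(lines):
    """Map each user to the set of (id, id) history resources served with 200."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or the request was refused
        h = HISTORY_RE.search(m["uri"])
        if h:
            seen[m["user"]].add(h.groups())  # the ?v= cache-buster is ignored
    return seen

def flag_users(lines, max_distinct=2):
    """Users who read more distinct history resources than max_distinct."""
    return {u: sorted(ids) for u, ids in history_reads_by_user(lines).items()
            if len(ids) > max_distinct}

# Constructed sample lines (not real traffic).
P = "/sigma/rest/protected/request/history/PERM"
SAMPLE = [
    f'10.0.0.5 - alice [12/Mar/2024:10:00:01 +0000] "GET {P}/101/7?v=1 HTTP/1.1" 200 512 "-" "UA"',
    f'10.0.0.5 - alice [12/Mar/2024:10:00:09 +0000] "GET {P}/101/7?v=2 HTTP/1.1" 200 512 "-" "UA"',
    f'10.0.0.9 - bob [12/Mar/2024:10:01:00 +0000] "GET {P}/101/7?v=3 HTTP/1.1" 200 512 "-" "UA"',
    f'10.0.0.9 - bob [12/Mar/2024:10:01:01 +0000] "GET {P}/102/8?v=4 HTTP/1.1" 200 498 "-" "UA"',
    f'10.0.0.9 - bob [12/Mar/2024:10:01:02 +0000] "GET {P}/103/9?v=5 HTTP/1.1" 200 530 "-" "UA"',
    f'10.0.0.9 - bob [12/Mar/2024:10:01:03 +0000] "GET {P}/104/10?v=6 HTTP/1.1" 403 0 "-" "UA"',
    f'10.0.0.7 - - [12/Mar/2024:10:02:00 +0000] "GET {P}/105/11?v=7 HTTP/1.1" 302 0 "-" "UA"',
]

if __name__ == "__main__":
    for user, ids in flag_users(SAMPLE).items():
        print(user, len(ids), ids)
```

The threshold is only a triage heuristic: where request ownership can be exported from the portal, comparing each flagged resource against its owner gives a definitive answer.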