A critical Insecure Direct Object Reference (IDOR) vulnerability has been identified in One Identity Manager, a widely used identity and access management solution.
This vulnerability, officially tracked as CVE-2024-56404, allows unauthorized privilege escalation under specific configurations.
The issue affects only On-Premise installations and does not impact customers using the Identity Manager On Demand or Starling Edition.
The IDOR vulnerability arises when applications fail to enforce proper access control mechanisms on user-supplied input, such as object references in URLs or parameters.
Attackers can exploit this by manipulating object identifiers to gain unauthorized access to resources or escalate privileges. In the context of Identity Manager, this could allow attackers to:
Such vulnerabilities are particularly dangerous when chained with other exploits, enabling attackers to achieve vertical privilege escalation, where they gain access to higher-level permissions than initially granted.
The vulnerability impacts customers using One Identity Manager versions 9.0.x through 9.2.1. Specifically:
It is critical for affected organizations to address this flaw immediately to prevent potential exploitation.
One Identity has released hotfixes for all the impacted versions to address this vulnerability. Customers are urged to:
Apply the relevant hotfix for their version,
Alternatively, upgrade to version 9.3, which resolves the vulnerability entirely.
The hotfixes include robust access control mechanisms designed to mitigate IDOR risks by validating user permissions before granting access to sensitive resources.
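The access-control failure described above, and the permission check the hotfix text describes, as an added example that is not One Identity's code or anything from the advisory: a handler that trusts a client-supplied object id beside one that authorises the (caller, object) pair on every request, plus the write path that turns the same flaw into privilege escalation. All names, the record layout and the sample data are constructed for the example.

```python
"""Added example, not code from One Identity or the advisory: an IDOR on a
client-supplied object reference, shown as a vulnerable handler beside one
that validates the caller's permission before touching the object."""
from dataclasses import dataclass, field


class ObjectNotFound(Exception):
    """Raised for a missing object, and in the hardened path also for one the
    caller may not see, so the response does not confirm the object exists."""


class AccessDenied(Exception):
    """Raised when an authenticated caller lacks the permission for an action."""


@dataclass
class User:
    user_id: str
    roles: set = field(default_factory=set)


# Constructed sample data: identity records keyed by the numeric object id a
# web front end would put in a URL such as /identities/1002.
IDENTITIES = {
    "1001": {"owner": "alice", "email": "alice@example.test", "is_admin": False},
    "1002": {"owner": "bob", "email": "bob@example.test", "is_admin": True},
}

# Constructed audit trail of denied requests; a real deployment would forward
# these to the SIEM, where a burst of denials from one session across many
# object ids is the signal worth alerting on.
AUDIT_LOG = []


def _load(object_id):
    record = IDENTITIES.get(object_id)
    if record is None:
        raise ObjectNotFound(object_id)
    return record


def get_identity_vulnerable(caller, object_id):
    """Vulnerable: the caller is authenticated, but the handler trusts the
    object id from the request and never asks whether this caller may read
    that object. Changing 1001 to 1002 in the URL reads another user's record."""
    return _load(object_id)


def _may_read(caller, record):
    return record["owner"] == caller.user_id or "administrator" in caller.roles


def get_identity_hardened(caller, object_id):
    """Hardened: authorisation is decided server-side on the (caller, object)
    pair for every request, and an unauthorised object is reported exactly
    like a missing one."""
    record = _load(object_id)
    if not _may_read(caller, record):
        AUDIT_LOG.append({"user": caller.user_id, "object": object_id, "action": "read"})
        raise ObjectNotFound(object_id)
    return record


def set_admin_flag_vulnerable(caller, object_id, value):
    """Vulnerable write path, the privilege-escalation case: any authenticated
    user can flip the admin flag on any object, including their own."""
    record = _load(object_id)
    record["is_admin"] = value
    return record


def set_admin_flag_hardened(caller, object_id, value):
    """Hardened write path: the action itself requires a role, independent of
    which object id the client supplied."""
    if "administrator" not in caller.roles:
        AUDIT_LOG.append({"user": caller.user_id, "object": object_id, "action": "set_admin"})
        raise AccessDenied(f"{caller.user_id} may not change admin flags")
    record = _load(object_id)
    record["is_admin"] = value
    return record


if __name__ == "__main__":
    alice = User("alice")
    print(get_identity_vulnerable(alice, "1002")["email"])  # leaks bob's record
    try:
        get_identity_hardened(alice, "1002")
    except ObjectNotFound:
        print("hardened read: denied, reported as not found")
    print(len(AUDIT_LOG), "denied request(s) recorded")
```

The hardened read returns the same "not found" result for a missing object and for one the caller may not see, so an attacker probing ids learns nothing about which objects exist; the hardened write checks the role before loading anything, so the object id never influences whether the action is permitted. The denied-request audit entries are what a SOC would feed into a detection rule for IDOR probing.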
Exploiting IDOR vulnerabilities can lead to severe consequences, including unauthorized data access, account takeovers, and system compromise.
By addressing these vulnerabilities proactively, organizations can safeguard their systems against privilege escalation and maintain a robust security posture.