Critical IDOR Vulnerability in One Identity Manager Exposes Privilege Escalation Risk
Identity And Access Management
CIO Bulletin
2025-01-29
An IDOR defect in One Identity Manager enables privilege-elevation attacks against on-premise deployments, granting unauthorized access and threatening control of the system.
The widely deployed Identity and Access Management solution One Identity Manager contains an Insecure Direct Object Reference (IDOR) vulnerability, tracked as CVE-2024-56404, that poses a severe risk of privileged-account escalation. In specific configurations it enables attackers to raise their privileges, putting affected systems at great risk.
The defect affects only On-Premise deployments of One Identity Manager; the On Demand and Starling editions are not affected. The application does not properly enforce access controls on user-supplied input, which lets attackers modify object references and reach sensitive resources they should not be able to access. Through this vulnerability, attackers can execute administrative functions and gain unauthorized privileges, including by exploiting configuration files.
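To make the vulnerability class concrete, here is an added illustration of an IDOR in a generic object-lookup handler, shown beside the hardened form that authorizes every client-supplied reference against the caller. This is example code written for this article; it is not One Identity Manager code and says nothing about how CVE-2024-56404 is implemented. The record store, user names and the `is_admin` flag are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List


class Forbidden(Exception):
    """Raised when a caller references an object it may not access."""


@dataclass(frozen=True)
class Record:
    record_id: int
    owner: str
    sensitive: str


# Constructed sample data: two users, each owning one record.
RECORDS: Dict[int, Record] = {
    1: Record(1, "alice", "alice-config"),
    2: Record(2, "bob", "bob-config"),
}

# Constructed audit trail; a real service would write these to its log pipeline.
AUDIT: List[str] = []


def get_record_vulnerable(requesting_user: str, record_id: int) -> Record:
    """IDOR: the client-supplied identifier is trusted and resolved without any
    check that requesting_user is allowed to see that object."""
    return RECORDS[record_id]


def get_record_hardened(requesting_user: str, record_id: int,
                        is_admin: bool = False) -> Record:
    """Fix: resolve the reference, then authorize it against the caller.
    Missing and unauthorized objects produce the same failure so the endpoint
    does not leak which identifiers exist."""
    record = RECORDS.get(record_id)
    if record is None or (record.owner != requesting_user and not is_admin):
        AUDIT.append(f"DENY user={requesting_user} record_id={record_id}")
        raise Forbidden("object not found or not permitted")
    AUDIT.append(f"ALLOW user={requesting_user} record_id={record_id}")
    return record


def indirect_reference_map(requesting_user: str) -> Dict[str, int]:
    """Alternative mitigation: hand the client per-user opaque handles that map
    only to objects the user owns, so foreign identifiers cannot be named at all."""
    owned = [r for r in RECORDS.values() if r.owner == requesting_user]
    return {f"h{i}": r.record_id for i, r in enumerate(owned)}


def denied_attempts() -> List[str]:
    """Detection hook: repeated DENY lines for one user are the signal a
    defender would alert on when someone enumerates object references."""
    return [line for line in AUDIT if line.startswith("DENY")]


if __name__ == "__main__":
    # bob asks for alice's record: the vulnerable handler hands it over.
    print(get_record_vulnerable("bob", 1).sensitive)
    try:
        get_record_hardened("bob", 1)
    except Forbidden as exc:
        print("hardened handler refused:", exc)
    print(denied_attempts())
```

The hardened handler fails closed on both "not found" and "not yours", and records every denial; in a production service those denials are the audit events to monitor for reference-enumeration attempts.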
This vulnerability exists across all One Identity Manager version 9.0.x releases up to version 9.2.1. Customers on the 9.0.x LTS releases must install Cumulative Update 3 (CU3) before applying the hotfix; customers on 9.1.x and 9.2.x are also vulnerable and must apply the hotfix for their version. The One Identity team published hotfixes that block the vulnerable access points ahead of the full fix in version 9.3.
All organizations should install the hotfix for their version or switch immediately to version 9.3. These updates strengthen the access controls of the IAM solution so that unauthorized privilege escalation is prevented. Unmanaged and unresolved privileges may grant unauthorized users system access, enabling account takeover and software compromise. Protecting critical data depends on preventive security practices that maintain IAM system integrity.