CRITICAL🇵🇱 Wersja polska

CVE-2024-56404

CVSS 9.9v3.1pub. 2025-01-24upd. 2026-04-15

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.

🤖 AI Analysis
How it works

The vulnerability results from improper authorization verification when referencing objects (CWE-302 — improper authentication verification). A logged-in user with low privileges can directly reference system objects (IDOR) that they normally should not have access to, thereby bypassing authorization control mechanisms. The result is the possibility of privilege escalation within the identity management system.

Impact

An attacker with an account in the system can obtain a higher level of privileges, potentially taking control of critical resources and data managed by the Identity Manager platform, which includes confidentiality, integrity, and system availability.

Mitigation & patch

One Identity Identity Manager should be updated to version 9.3 or later. Detailed information about the patch is available in the vendor's release notes at https://support.oneidentity.com/technical-documents/identity-manager/9.3/release-notes/

Who is affected

One Identity Identity Manager in versions 9.x before 9.3, On-Premise installations only.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPEIDOR
CWE
References