CVE-2024-56404

Name of the Vulnerable Software and Affected Versions One Identity Identity Manager versions prior to 9.3

Description An insecure direct object reference (IDOR) issue allows privilege escalation. Only On-Premise installations are affected. The vulnerability can be exploited by a remote attacker to elevate their privileges, potentially bypassing authentication through supposedly immutable data.

Recommendations One Identity Identity Manager versions prior to 9.3: Update to version 9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation until the update is applied.