One Identity Manager Vulnerability Let Attackers Escalate Privileges


A critical Insecure Direct Object Reference (IDOR) vulnerability has been identified in One Identity Manager, a widely used identity and access management solution. 

This vulnerability, officially tracked as CVE-2024-56404, allows unauthorized privilege escalation under specific configurations. 

The issue affects only On-Premise installations and does not impact customers using the Identity Manager On Demand or Starling Edition.

Understanding the Vulnerability

The IDOR vulnerability arises when applications fail to enforce proper access control mechanisms on user-supplied input, such as object references in URLs or parameters.


Attackers can exploit this by manipulating object identifiers to gain unauthorized access to resources or escalate privileges. In the context of Identity Manager, this could allow attackers to:

  • Access administrative functionalities.
  • Modify user roles to assign themselves higher privileges.
  • Exploit sensitive configuration files.

Such vulnerabilities are particularly dangerous when chained with other exploits, enabling attackers to achieve vertical privilege escalation, where they gain access to higher-level permissions than initially granted.
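The pattern described above, as an added illustration that is not One Identity's code and does not reproduce the CVE-2024-56404 code path (which the article does not detail): a constructed role-assignment handler that dereferences a caller-supplied user identifier after checking only authentication, beside a hardened form that validates the caller's own permissions before the object reference is resolved, the kind of check the article credits the hotfixes with adding. The user directory, role names and function names are assumptions made for this example.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """The caller is not authorized to perform the requested operation."""

@dataclass
class User:
    uid: str
    roles: set = field(default_factory=set)

def sample_users() -> dict:
    # Constructed sample directory for this example, not the product's schema.
    return {"alice": User("alice", {"admin"}), "bob": User("bob", {"user"})}

def assign_role_vulnerable(users: dict, caller_uid: str, target_uid: str, role: str) -> set:
    """IDOR: the handler only checks that the caller is authenticated, then
    dereferences the caller-supplied target_uid and modifies it. A plain
    user can point target_uid at their own account and add 'admin'."""
    if caller_uid not in users:
        raise Forbidden("not authenticated")
    target = users[target_uid]          # object reference taken straight from the request
    target.roles.add(role)
    return target.roles

def assign_role_fixed(users: dict, caller_uid: str, target_uid: str, role: str) -> set:
    """Hardened: authorization is decided on the caller's own privileges
    before the object reference is resolved, so the identifier in the
    request cannot widen what the caller is allowed to do."""
    caller = users.get(caller_uid)
    if caller is None:
        raise Forbidden("not authenticated")
    if "admin" not in caller.roles:     # permission check precedes object access
        raise Forbidden("caller may not administer roles")
    target = users.get(target_uid)
    if target is None:
        raise LookupError("no such user")
    target.roles.add(role)
    return target.roles

def escalation_blocked(handler, caller_uid: str, role: str) -> bool:
    """Simulate a non-admin granting a role to their own account; True only
    if the handler refused and left the caller's roles unchanged."""
    users = sample_users()
    before = set(users[caller_uid].roles)
    try:
        handler(users, caller_uid, caller_uid, role)
    except Forbidden:
        return users[caller_uid].roles == before
    return False
```

Running `escalation_blocked` against both handlers shows the vulnerable one letting a plain user become admin while the fixed one refuses; an administrator's legitimate assignment still succeeds through the fixed handler.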

The vulnerability impacts customers using One Identity Manager versions 9.0.x through 9.2.1. Specifically:

  • Version 9.0.x LTS requires Cumulative Update 3 (CU3) to be applied before the hotfix can be installed.
  • Customers using versions 9.1.x and 9.2.x are also vulnerable.

It is critical for affected organizations to address this flaw immediately to prevent potential exploitation.

Resolution and Mitigation

One Identity has released hotfixes for all the impacted versions to address this vulnerability. Customers are urged to:

  • Apply the relevant hotfix for their version, or
  • Upgrade to version 9.3, which resolves the vulnerability entirely.

The hotfixes add access control checks designed to mitigate IDOR risks by validating the user's permissions before granting access to sensitive resources.

Exploitation of IDOR vulnerabilities can lead to severe consequences, including unauthorized data access, account takeovers, and system compromise.

By addressing these vulnerabilities proactively, organizations can safeguard their systems against privilege escalation threats and maintain a robust security posture.
