Summary: A critical security vulnerability (CVE-2024-56404) with a CVSS score of 9.9 has been discovered in One Identity Manager, a widely used identity and access management solution. This Insecure Direct Object Reference (IDOR) vulnerability may allow unauthorized privilege escalation in specific versions of the software. One Identity is advising affected customers to urgently apply hotfixes or upgrade to mitigate risks associated with this vulnerability.
Affected: One Identity Manager (versions 9.0.x to 9.2.1 for on-premise installations)
Keypoints:
- Vulnerability CVE-2024-56404 poses a serious risk by enabling privilege escalation.
- Affects only on-premise installations; cloud-based users are not impacted.
- Immediate action is required: apply the hotfixes or upgrade to version 9.3.
- Detailed instructions for patching are available in One Identity’s knowledge base (KB 4378024).