
Critical One Identity Manager Vulnerability Enables Privilege Escalation for Attackers

Blog post from SSOJet

Author: Goverdhan Sisodia
Summary

One Identity Manager versions 9.0.x through 9.2.1 for on-premise installations are vulnerable to an Insecure Direct Object Reference (IDOR) flaw. IDOR can be exploited when an application does not implement proper access control on user inputs, and here it can lead to unauthorized access to administrative functions, modification of user roles, and exposure of sensitive configurations. The vulnerability is particularly dangerous when combined with other exploits, as it can result in vertical privilege escalation.

One Identity has issued hotfixes for all affected versions. They include improved access control measures that mitigate the IDOR risk by validating user permissions before granting access to sensitive resources. Affected organizations are urged to apply the relevant hotfix or upgrade to version 9.3, which completely resolves the vulnerability, to safeguard against unauthorized data access and account takeovers.
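The access-control gap and the "validate permissions before granting access" fix described above, sketched as an added illustration of the IDOR class. This is not One Identity Manager code or the vendor's hotfix; the directory, role names, handler names and policy (only admins change roles, never their own) are assumptions made for the example.

```python
# Constructed illustration of the IDOR class; NOT One Identity Manager code.
# Data model, role names and policy are assumptions made for this example.

class Forbidden(Exception):
    """The caller may not perform this action on the referenced object."""

ROLES = {"employee", "manager", "admin"}

def fresh_users():
    # Constructed sample directory: user id -> record.
    return {
        101: {"name": "alice", "role": "employee"},
        102: {"name": "bob", "role": "employee"},
        900: {"name": "root", "role": "admin"},
    }

def set_role_vulnerable(users, caller_id, target_id, new_role):
    # IDOR: target_id is taken from the request and used as a direct
    # reference. Being a known user is the only thing that is checked.
    if caller_id not in users:
        raise Forbidden("unknown caller")
    users[target_id]["role"] = new_role
    return users[target_id]["role"]

def set_role_hardened(users, caller_id, target_id, new_role):
    # Validate the caller's permission on this object before touching it.
    caller, target = users.get(caller_id), users.get(target_id)
    if caller is None or target is None or new_role not in ROLES:
        raise Forbidden("unknown caller, target or role")
    if caller["role"] != "admin":
        raise Forbidden("only admins may change roles")
    if caller_id == target_id:
        raise Forbidden("no self-service role changes")
    target["role"] = new_role
    return target["role"]

def attempt(handler, caller_id, target_id, new_role):
    """Run one request against a fresh directory; return the outcome."""
    users = fresh_users()
    try:
        return handler(users, caller_id, target_id, new_role)
    except Forbidden as exc:
        return f"denied: {exc}"

if __name__ == "__main__":
    for h in (set_role_vulnerable, set_role_hardened):
        print(h.__name__, attempt(h, 101, 101, "admin"), attempt(h, 900, 102, "manager"))
```

The same request that the first handler accepts is rejected by the second, while a legitimate administrative change still succeeds; a regression test for an object-level authorization fix should assert both.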
