Critical One Identity Manager Vulnerability Enables Privilege Escalation for Attackers
Blog post from SSOJet
One Identity Manager versions 9.0.x through 9.2.1, in on-premise installations, are affected by an Insecure Direct Object Reference (IDOR) vulnerability. IDOR arises when an application acts on an object identifier supplied in a request without checking that the requesting user is authorized for that object; here it could allow unauthorized access to administrative functions, modification of user roles, and exposure of sensitive configuration. The issue is particularly dangerous when chained with other exploits, as it can result in vertical privilege escalation. One Identity has issued hotfixes for all affected versions that add access control checks, validating the user's permissions before access to sensitive resources is granted. Affected organizations are urged to apply the relevant hotfix or upgrade to version 9.3, which fully resolves the vulnerability, to protect against unauthorized data access and account takeover.
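To illustrate the IDOR pattern and the kind of per-object permission check that fixes it, here is an added example; it is not One Identity Manager's code, and the directory, role ranks and `managed_accounts` model are constructed for the illustration.

```python
"""Vulnerable vs. hardened role assignment (constructed example, not
One Identity Manager code). Shows why authenticating the caller is not
enough: the object reference in the request must itself be authorized."""
from dataclasses import dataclass, field

# Constructed role hierarchy: higher rank means more privilege.
ROLE_RANK = {"user": 0, "helpdesk": 1, "admin": 2}


@dataclass
class Account:
    account_id: int
    role: str
    managed_accounts: set = field(default_factory=set)  # ids this account may administer


def sample_directory() -> dict:
    """Constructed sample store: one admin, one helpdesk operator, two users."""
    return {
        1: Account(1, "admin"),
        2: Account(2, "helpdesk", managed_accounts={3}),
        3: Account(3, "user"),
        4: Account(4, "user"),
    }


def set_role_idor(caller_id: int, target_id: int, new_role: str, directory: dict) -> bool:
    """Vulnerable pattern: the caller is authenticated (exists in the store), but
    target_id from the request is used directly, so any caller can change any
    account's role, including its own, to admin (vertical escalation)."""
    if caller_id not in directory or target_id not in directory:
        return False
    directory[target_id].role = new_role
    return True


def set_role_checked(caller_id: int, target_id: int, new_role: str, directory: dict) -> bool:
    """Hardened pattern: resolve the caller, then authorize this specific
    object reference before acting on it."""
    caller = directory.get(caller_id)
    target = directory.get(target_id)
    if caller is None or target is None or new_role not in ROLE_RANK:
        return False
    # 1. Caller must be allowed to administer this particular target.
    may_manage = caller.role == "admin" or target_id in caller.managed_accounts
    # 2. Nobody grants a role above their own rank, and self-edits are refused.
    within_rank = ROLE_RANK[new_role] <= ROLE_RANK[caller.role]
    if not may_manage or not within_rank or caller_id == target_id:
        return False  # deny; a real system would also audit-log the attempt
    target.role = new_role
    return True
```

Denied calls are a useful detection signal: repeated failures from one account against many different `target_id` values are the footprint of someone probing object references.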