CVE-2024-56404

Summary

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.

Affected Software

VendorProductVersion RangeStatus
OneIdentityIdentity Manager9.0.0 < 9.3affected

Weaknesses

  • CWE-302: CWE-302 Authentication Bypass by Assumed-Immutable Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References