Threat Advisory

Critical Vulnerability in One Identity Manager Enables Escalation

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A critical vulnerability in One Identity Manager, identified as CVE-2024-56404 with a CVSS score of 9.9, affects on-premises installations from versions 9.0.x to 9.2.1. This Insecure Direct Object Reference (IDOR) vulnerability could enable unauthorized privilege escalation, allowing attackers to access sensitive systems and data. One Identity Manager, widely used for managing user identities, access permissions, and security policies, faces significant risk from this flaw. Cloud-based "On Demand" versions are not impacted. Organizations using vulnerable versions of One Identity Manager must promptly apply available hotfixes or upgrade to prevent unauthorized access and data breaches. Swift action is crucial to maintaining secure identity management systems.

RECOMMENDATION:

We strongly recommend updating on-premises One Identity Manager installations to the versions below:

  • 9.0.x LTS CU3
  • 9.1.x
  • 9.2.x, or upgrade to 9.3 as soon as possible

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/cve-2024-56404-cvss-9-9-critical-vulnerability-discovered-in-one-identity-manager/
