One Identity Identity Manager Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability due to insecure direct object reference (IDOR) has been identified in One Identity Identity Manager versions 9.0.x prior to 9.2.1. It affects only On-Premise installations and allows unauthorized users to gain elevated privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing users to gain elevated rights or access within the application.
Remediation
One Identity has released hotfixes for all impacted versions: 9.0.x LTS CU3, 9.1.x, and 9.2.x. Instructions for applying these hotfixes can be found in the One Identity Knowledge Base article 4378024.
