- Self Service Tools
- Knowledge Base
- My Account
- Notifications & Alerts
- Product Support
- Software Downloads
- Technical Documentation
- User Forums
- Video Tutorials
- RSS Feed
- Support Essentials
- Awards and Testimonials
- License Agreement
- Support Guide
Identity Manager Product Notification
| Description of the issue: An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Identity Manager which in certain configurations may allow an individual to gain unauthorised privilege escalation. This has been officially reported as CVE-2024-56404. This issue impacts only On-Premise installations and does not impact customers using Identity Manager On Demand or Identity Manager On Demand Starling Edition. How does this affect me? All customers on versions 9.0.x to 9.2.1 are vulnerable to this defect. One Identity strongly suggests applying the appropriate hotfix below for your version or upgrading to 9.3 as soon as possible. Note: 9.0.x LTS requires CU3 to be applied before the hotfix is installed. Resolution One Identity has created hotfixes for all impacted versions: - 9.0.x LTS CU3 - 9.1x - 9.2.x For instructions on how to apply these hotfixes, please see KB 4378024. We apologize for the inconvenience this issue may have caused. |
|
|