Identity Manager 产品通知
| Description of the issue: An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Identity Manager which in certain configurations may allow an individual to gain unauthorised privilege escalation. This has been officially reported as CVE-2024-56404. This issue impacts only On-Premise installations and does not impact customers using Identity Manager On Demand or Identity Manager On Demand Starling Edition. How does this affect me? All customers on versions 9.0.x to 9.2.1 are vulnerable to this defect. One Identity strongly suggests applying the appropriate hotfix below for your version or upgrading to 9.3 as soon as possible. Note: 9.0.x LTS requires CU3 to be applied before the hotfix is installed. Resolution One Identity has created hotfixes for all impacted versions: - 9.0.x LTS CU3 - 9.1x - 9.2.x For instructions on how to apply these hotfixes, please see KB 4378024. We apologize for the inconvenience this issue may have caused. |
|
|