Cyber Posture

CVE-2024-56404

Severity: Critical
Published: 24 January 2025
Modified: 15 April 2026
KEV Added: not listed in the CISA KEV catalog
Patch: available (One Identity Identity Manager 9.3)
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0030 (53.6th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56404 is a critical-severity Authentication Bypass by Assumed-Immutable Data (CWE-302) vulnerability in One Identity Identity Manager 9.x before 9.3 (product attribution inferred from the references; NVD filed no CPE). Its CVSS v3.1 base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score of 0.0030 (an estimated 0.3% probability of exploitation in the wild within 30 days) places it at the 53.6th percentile, i.e. in the top 46.4% of CVEs by predicted exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: AC-3 (Access Enforcement) enforces approved access authorizations on every object reference, so a manipulated identifier submitted by a low-privileged user is denied rather than acted on; this is the control that directly addresses IDOR exploitation.

prevent: SI-2 (Flaw Remediation) identifies and remediates flaws like this IDOR vulnerability through timely patching, here by upgrading to One Identity Identity Manager 9.3.

prevent: AC-6 (Least Privilege) limits what an account that does escalate via the IDOR can reach, reducing the blast radius of a successful exploit.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

IDOR vulnerability directly enables remote privilege escalation from low-privileged authenticated access, matching Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.

Deeper analysis

CVE-2024-56404 is an insecure direct object reference (IDOR) vulnerability, mapped to CWE-302, in One Identity Identity Manager 9.x versions before 9.3. Only on-premise installations are affected. The issue enables privilege escalation and carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H): network-reachable, low attack complexity, only low privileges required, no user interaction, high confidentiality, integrity and availability impact, and a changed scope, meaning the compromised component can affect resources governed by a different security authority.

An authenticated attacker with low privileges can exploit the flaw remotely to escalate privileges; no user interaction is required. Because the vulnerable component is the identity management system itself, the changed-scope rating reflects that an attacker who escalates inside it can reach the accounts, roles and entitlements it manages, enabling extraction of sensitive identity data or disruption of provisioning.
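The class of flaw described above, as an added illustration that is not One Identity code and does not reproduce the product's actual vulnerable endpoint (which the advisory does not describe): a handler that trusts a client-supplied role field (the "assumed-immutable data" of CWE-302) and acts on whatever object identifier the request names, beside the access-enforced version that AC-3 calls for. The user ids, attribute names, roles and in-memory store are constructed for the example.

```python
"""Constructed example (not One Identity Identity Manager code): an
object-level authorization flaw of the IDOR / CWE-302 class beside an
access-enforced handler. All names and the store are illustrative."""

PROTECTED_ATTRIBUTES = {"role", "manager_of"}   # only an admin may change these


def fresh_store() -> dict:
    """Constructed identity store: three users, one of whom is an administrator."""
    return {
        "u100": {"display": "alice", "role": "user",  "manager_of": []},
        "u200": {"display": "bob",   "role": "user",  "manager_of": ["u100"]},
        "u900": {"display": "root",  "role": "admin", "manager_of": []},
    }


class Forbidden(Exception):
    """Raised when access enforcement denies the request."""


def update_attribute_vulnerable(users: dict, session_user: str, request: dict) -> dict:
    """Vulnerable pattern. The actor's role is read from the request body (a hidden
    form field or cookie the server assumes the client cannot alter: CWE-302), and
    target_user_id is dereferenced without checking that the authenticated user may
    act on that object (IDOR). session_user is never consulted."""
    target = users[request["target_user_id"]]
    if request["attribute"] in PROTECTED_ATTRIBUTES and request["actor_role"] != "admin":
        raise Forbidden("protected attribute")
    target[request["attribute"]] = request["value"]
    return target


def can_modify(users: dict, actor_id: str, target_id: str, attribute: str) -> bool:
    """Object-level authorization decision computed only from server-side state.
    Admins may change anything; everyone else may change non-protected attributes
    of their own record or of their direct reports. This is the per-request
    decision NIST SP 800-53 AC-3 (Access Enforcement) requires."""
    actor = users[actor_id]
    if actor["role"] == "admin":
        return True
    if attribute in PROTECTED_ATTRIBUTES:
        return False                      # non-admins never touch role/manager data
    return target_id == actor_id or target_id in actor["manager_of"]


def update_attribute_hardened(users: dict, session_user: str, request: dict) -> dict:
    """Hardened pattern: identity and role come from the authenticated session,
    never from the request, and every object reference is authorized before use."""
    target_id = request["target_user_id"]
    if target_id not in users or not can_modify(users, session_user, target_id, request["attribute"]):
        raise Forbidden("access denied")  # same answer for missing and unauthorized objects
    users[target_id][request["attribute"]] = request["value"]
    return users[target_id]


def demo() -> dict:
    """Send the same low-privilege request to both handlers and report the
    resulting role of the attacker's own account under each."""
    # Constructed request: user u100 claims to be an admin in the body and targets
    # her own record to flip the protected 'role' attribute.
    escalation = {"target_user_id": "u100", "attribute": "role", "value": "admin",
                  "actor_role": "admin"}
    vuln = fresh_store()
    update_attribute_vulnerable(vuln, "u100", escalation)

    hard = fresh_store()
    try:
        update_attribute_hardened(hard, "u100", escalation)
        denied = False
    except Forbidden:
        denied = True
    return {"vulnerable_role": vuln["u100"]["role"],
            "hardened_role": hard["u100"]["role"],
            "hardened_denied": denied}


if __name__ == "__main__":
    print(demo())  # {'vulnerable_role': 'admin', 'hardened_role': 'user', 'hardened_denied': True}
```

The hardened handler makes two separate decisions explicit: who the caller is (taken from the session, not the body) and whether that caller may touch this particular object for this particular attribute. Collapsing either decision into data the client controls is what turns an ordinary update endpoint into a privilege-escalation path.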

Vendor advisories recommend upgrading to One Identity Identity Manager 9.3, where the vulnerability is addressed, as outlined in the product notification at https://support.oneidentity.com/product-notification/noti-00001678 and the 9.3 release notes at https://support.oneidentity.com/technical-documents/identity-manager/9.3/release-notes/. Further details are available on the One Identity community forum at https://www.oneidentity.com/community/identity-manager/.

Details

CWE(s)

CWE-302 Authentication Bypass by Assumed-Immutable Data

Affected Products

One Identity Identity Manager 9.x before 9.3, on-premise installations only (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2025-47158 (shared CWE-302)
CVE-2025-63210 (shared CWE-302)
CVE-2026-40285 (shared CWE-302)
CVE-2026-39429 (shared CWE-302)
CVE-2025-24876 (shared CWE-302)

References

https://support.oneidentity.com/product-notification/noti-00001678 (One Identity product notification)
https://support.oneidentity.com/technical-documents/identity-manager/9.3/release-notes/ (Identity Manager 9.3 release notes)
https://www.oneidentity.com/community/identity-manager/ (One Identity community forum)