Privilege Escalation in Salesforce Using APEX
This article describes in detail a Salesforce privilege escalation scenario, discovered by the Polyrize research team, in which a malicious insider exploits the Author Apex permission to take over an organization's Salesforce account and all the data within it. The user abuses the fact that some Apex code executes in system mode, which bypasses their normally limited permissions and lets them grant themselves admin-level or otherwise privileged access without being an admin or privileged user.
Privilege escalation techniques for IaaS platforms such as AWS or GCP have been well known for a while (like this one, this one, and these ones). SaaS privilege escalation, by contrast, is a newer class of exploit that security teams often overlook. Since the potential damage to a company's business continuity, finances, and reputation is so substantial, preventing privilege escalation is critical to securing cloud environments and the business-critical data stored and shared within them.
New Utility From The Polyrize Research Team!
In this blog post the Polyrize Research Team introduces a new utility that finds users who are capable of privilege escalation using Apex. You can get the utility here.
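As an added illustration of the kind of check such a utility performs (this is example code written for this page, not the Polyrize utility), the script below takes records shaped like the results of SOQL queries against the PermissionSet and PermissionSetAssignment objects, ORs together each user's effective permission flags, and flags users who hold Author Apex without already holding an admin-level flag such as Modify All Data. The sample records are constructed; it assumes profile-owned permission sets also appear as PermissionSetAssignment rows, and treats only PermissionsModifyAllData as the admin marker.

```python
"""Flag Salesforce users who can author Apex but are not admins.

Added example, not the Polyrize utility. Input records mimic SOQL results
from PermissionSet and PermissionSetAssignment; the data below is constructed.
"""
from collections import defaultdict

# Constructed sample: one row per permission set. Profiles are included as
# well, since every profile has an underlying PermissionSet (IsOwnedByProfile).
PERMISSION_SETS = [
    {"Id": "0PS1", "Label": "System Administrator", "IsOwnedByProfile": True,
     "PermissionsAuthorApex": True, "PermissionsModifyAllData": True},
    {"Id": "0PS2", "Label": "Standard User", "IsOwnedByProfile": True,
     "PermissionsAuthorApex": False, "PermissionsModifyAllData": False},
    {"Id": "0PS3", "Label": "Dev Helper", "IsOwnedByProfile": False,
     "PermissionsAuthorApex": True, "PermissionsModifyAllData": False},
]

# Constructed sample: user -> permission set assignments (profile sets included).
ASSIGNMENTS = [
    {"AssigneeId": "005A", "PermissionSetId": "0PS1"},  # already an admin
    {"AssigneeId": "005B", "PermissionSetId": "0PS2"},
    {"AssigneeId": "005B", "PermissionSetId": "0PS3"},  # standard user + Author Apex
    {"AssigneeId": "005C", "PermissionSetId": "0PS2"},
]

# Assumption: holders of these flags are treated as admins and not reported.
ADMIN_FLAGS = ("PermissionsModifyAllData",)


def effective_permissions(perm_sets, assignments):
    """OR together the Permissions* flags of every set assigned to each user."""
    by_id = {ps["Id"]: ps for ps in perm_sets}
    effective = defaultdict(lambda: defaultdict(bool))
    for a in assignments:
        ps = by_id[a["PermissionSetId"]]
        for key, val in ps.items():
            if key.startswith("Permissions"):
                effective[a["AssigneeId"]][key] |= bool(val)
    return effective


def find_apex_escalation_candidates(perm_sets, assignments):
    """Users who hold Author Apex without any admin-level flag."""
    eff = effective_permissions(perm_sets, assignments)
    return sorted(
        uid for uid, flags in eff.items()
        if flags["PermissionsAuthorApex"] and not any(flags[f] for f in ADMIN_FLAGS)
    )


if __name__ == "__main__":
    print(find_apex_escalation_candidates(PERMISSION_SETS, ASSIGNMENTS))  # ['005B']
```

In a real review, each reported user's Author Apex grant should be confirmed against the org's change policy, and the admin-flag list extended to whatever the org considers privileged.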