Privilege Escalation in Salesforce Using APEX

by Polyrize
Posted on Jul 16th, 2020

This article describes in detail a Salesforce privilege escalation scenario discovered by the Polyrize research team, in which a malicious insider exploits the Author Apex permission to take over an organization's Salesforce account and all data within it. The user abuses the fact that some Apex code is executed in System Mode, which bypasses the user's own limited permissions and enables them to grant themselves admin-level or privileged access without being an admin or privileged user.

Privilege escalation techniques for IaaS (like AWS or GCP) have been well-known for a while (like this one, this one, and these ones). SaaS privilege escalation, however, is a newer class of exploit that security teams often overlook. Since the potential damage to a company's business continuity, finances, and reputation is so substantial, preventing privilege escalation is critical to securing cloud environments and the business-critical data stored and shared within them.

Read The Full Article on the Cloud Security Alliance Blog 


New Utility From The Polyrize Research Team!

In this blog post the Polyrize Research Team introduced a new utility that finds users who are capable of privilege escalation using APEX. You can get the utility here.
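Both the scenario above and the utility it motivates come down to one question: who in the org holds Author Apex, and through which profile or permission set? The following Python script is an added example, not the Polyrize utility or any code from the article; it runs one SOQL query over PermissionSetAssignment and flags holders whose grant does not come solely from an expected admin profile. The simple-salesforce client, the "System Administrator" profile as the expected holder, and the example.com sample records are assumptions.

```python
"""Audit which Salesforce users hold Author Apex (added example, not Polyrize's tool).
Assumes simple-salesforce for the live query; the parsing runs offline."""
from collections import defaultdict

# Profiles are permission sets with IsOwnedByProfile = true, so this single
# query covers Author Apex granted through profiles and permission sets alike.
AUTHOR_APEX_SOQL = """
SELECT Assignee.Username, Assignee.IsActive, PermissionSet.Label,
       PermissionSet.IsOwnedByProfile, PermissionSet.Profile.Name
FROM PermissionSetAssignment
WHERE PermissionSet.PermissionsAuthorApex = true
"""

def fetch_assignments(sf):  # sf: an authenticated simple_salesforce.Salesforce
    return sf.query_all(AUTHOR_APEX_SOQL)["records"]

def apex_authors(records, include_inactive=False):
    """Map each user who can author Apex to the grants that give it to them."""
    grants = defaultdict(set)
    for rec in records:
        user, pset = rec["Assignee"], rec["PermissionSet"]
        if not include_inactive and not user["IsActive"]:
            continue  # deactivated users cannot log in, so skip them by default
        if pset["IsOwnedByProfile"]:
            source = "profile:" + pset["Profile"]["Name"]
        else:
            source = "permset:" + pset["Label"]
        grants[user["Username"]].add(source)
    return {u: sorted(s) for u, s in grants.items()}

def unexpected_authors(records, expected_profiles=("System Administrator",)):
    """Users whose Author Apex is not solely from an expected admin profile.
    Assumption: anyone else needs review, since Apex runs in system mode."""
    expected = {"profile:" + p for p in expected_profiles}
    return {u: s for u, s in apex_authors(records).items()
            if not set(s) <= expected}

# Constructed sample records, shaped like simple-salesforce query results.
SAMPLE = [
    {"Assignee": {"Username": "admin@example.com", "IsActive": True},
     "PermissionSet": {"Label": "System Administrator", "IsOwnedByProfile": True,
                       "Profile": {"Name": "System Administrator"}}},
    {"Assignee": {"Username": "dev@example.com", "IsActive": True},
     "PermissionSet": {"Label": "Apex Developer", "IsOwnedByProfile": False,
                       "Profile": None}},
    {"Assignee": {"Username": "former@example.com", "IsActive": False},
     "PermissionSet": {"Label": "Apex Developer", "IsOwnedByProfile": False,
                       "Profile": None}},
]
```

Against a live org, call `unexpected_authors(fetch_assignments(sf))`; every user it returns can write code that runs outside their own permission boundary and should be reviewed.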
