VYPR

IAM

by Soffidiam

CVEs (2)

  • CVE-2017-9363CriJun 2, 2017
    risk 0.64cvss 9.8epss 0.03

    Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.

  • CVE-2024-51026MedNov 11, 2024
    risk 0.35cvss 5.4epss 0.00

    The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field.