- Vendor: Soffidiam
- Products: 2
- CVEs: 3
- Across products: 4
- Status: Private
Products: 2

- 2 CVEs
- 2 CVEs
Recent CVEs: 3

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39669 | | Critical | 0.64 | 9.8 | 0.00 | | Jun 27, 2024 | In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security. |
| CVE-2017-9363 | | Critical | 0.64 | 9.8 | 0.04 | | Jun 2, 2017 | Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. |
| CVE-2024-51026 | | Medium | 0.35 | 5.4 | 0.01 | | Nov 11, 2024 | The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field. |