Security Advisories

CVE-2017-9363

Title

Untrusted Java serialization in Soffid IAM console.

Affected Product Code Base

Soffid Console - 1.7.5

Description

Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.

CVE-2024-39669

Title

Necessary checks were not applied to some Java objects.

Affected Product Code Base

Soffid Console - 3.5.38

Description

The Soffid IAM team recently detected and corrected a vulnerability in the product's Console. The vulnerability could allow a malicious agent to execute arbitrary code in the Sync Server and compromise security.

Upgrading to version 3.5.39 or later of the Soffid Console fixes this vulnerability.

The vulnerability has been registered in the CVE (Common Vulnerabilities and Exposures) system as CVE-2024-39669. The CVE system is a crucial component of modern cybersecurity, providing a standardized and widely accepted basis for vulnerability identification and reference.

CVE-2025-32408

Title

Necessary authorization to use PAM service.

Affected Product Code Base

Soffid Console - 3.6.31

Description

The Soffid IAM team recently detected and corrected a low-severity vulnerability in the product's Console. The vulnerability concerns the authorization required to use the PAM service.

Upgrading to version 3.6.32 or later of the Soffid Console fixes this vulnerability.

The vulnerability has been registered in the CVE (Common Vulnerabilities and Exposures) system as CVE-2025-32408. The CVE system is a crucial component of modern cybersecurity, providing a standardized and widely accepted basis for vulnerability identification and reference.