Skip to main content



Necessary checks were not applied to some Java objects.

Affected Product Code Base

Soffid Console - 3.5.38


Recently the Soffid IAM team detected and corrected a vulnerability that had been detected in the product's Console. This vulnerability referred to the possibility that a malicious agent could execute arbitrary code in the Sync Server and compromise security.

Upgrading to version 3.5.39 or later of the Soffid Console fixes this vulnerability.

The vulnerability has been registered in the CVE, short for Common Vulnerabilities and Exposures with the code CVE-2024-39669. The CVE system is a crucial component of modern cybersecurity, providing a standardized and widely accepted basis for vulnerability identification and reference.