13 matches found
CVE-2024-39669
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security...
EUVD-2017-18298
Malware in sbrugna...
CVE-2024-39669
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security...
CVE-2024-39669
The CVE-2024-39669 issue affects Soffid IAM Console prior to 3.5.39 (and related releases per advisories), caused by insufficient checks on certain Java objects. The underlying flaw allows a malicious actor to potentially execute arbitrary code in the Sync Server, leading to a security compromise...
CVE-2024-39669
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security...
CVE-2024-39669
In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security...
PT-2024-28608 · Soffid · Soffid Iam
Name of the Vulnerable Software and Affected Versions: Soffid IAM versions prior to 3.5.39 Description: The issue arises from insufficient checks applied to certain Java objects in the Console component of Soffid IAM. This could allow a malicious agent to execute arbitrary code in the Sync Server...
Soffid IAM console arbitrary code execution vulnerability
Soffid IAM console is a distributed Identity Manager console program that supports SQL-based and file-based authentication for both web and natively-based applications. A security vulnerability exists in Soffid IAM console version 1.7.4 and earlier. A remote attacker can exploit the vulnerability...
CVE-2017-9363
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request...
CVE-2017-9363
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request...
Cross site request forgery (csrf)
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request...
CVE-2017-9363
Soffid IAM console before version 1.7.5 is affected by an unauthenticated remote code execution vulnerability due to untrusted Java serialization in the authentication request. Exploitation allows a remote attacker to execute arbitrary code on the server by sending a crafted authentication reques...
CVE-2017-9363
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request...