CVE-2017-9363

CRITICAL

Soffid IAM <1.7.5 - Code Injection

Title source: llm

Description

Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.

References (1)

[Exploit, Third Party Advisory] http://www.soffid.com/security-advisory1-update/

Scores

CVSS v3 9.8

EPSS 0.0410

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status draft

Affected Products (1)

soffid/iam < 1.7.4

Timeline

Published Jun 02, 2017

Tracked Since Feb 18, 2026