CVE-2022-2338 MEDIUM

CVE-2022-2338: Softing Secure Integration Server Cleartext Transmission of Sensitive Information

Vendor Softing
Product Secure Integration Server
Weakness CWE-319 · Cleartext transmission
Published August 17, 2022
Last update April 16, 2025

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.

Key dates

02Disclosure timeline

August 17, 2022 CVE published
April 16, 2025 Record updated

Related vulnerabilities

04Related CVE