PT-2022-13835 · Softing · Softing Secure Integration Server

Chris Anastasio

Published 2022-08-17 · Updated 2023-06-27

CVE-2022-1373

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server version 1.22

Description: The issue arises from a directory traversal vulnerability in the "restore configuration" feature when processing zip files. An attacker can craft a zip file whose entry names contain path traversal sequences, so that an arbitrary DLL is written outside the intended restore directory and subsequently loaded, leading to code execution. By uploading such a zip file through the "restore configuration" feature, an attacker may cause a file to be created and executed when it is written to disk.

Recommendations: For Softing Secure Integration Server version 1.22, consider disabling the "restore configuration" feature until a patch is available, to prevent exploitation of the directory traversal vulnerability. Restrict access to the zip file upload functionality to minimize the risk of arbitrary code execution. Avoid using the "restore configuration" feature to upload zip files that may contain path traversal entries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
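The defect described above is a classic archive path traversal ("zip slip"): the restore routine trusts entry names inside the uploaded archive. The following added example (not Softing's code) shows the check a restore feature should apply before writing any entry, treating backslashes as separators because the product runs on Windows. The archive contents and file names are constructed for illustration.

```python
import io
import os
import zipfile


def is_safe_member(name: str, dest_dir: str) -> bool:
    """Return True only if the archive entry would land inside dest_dir.

    Backslashes are treated as separators too: on Windows the OS would honour
    them during extraction even if the zip library does not.
    """
    normalized = name.replace("\\", "/")
    # Absolute paths and drive letters never belong in a configuration bundle.
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        return False
    # Reject any '..' segment outright instead of relying on later normalisation.
    if any(part == ".." for part in normalized.split("/")):
        return False
    # Belt and braces: the resolved target must still sit under the restore root.
    dest_root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_root, *normalized.split("/")))
    return target == dest_root or target.startswith(dest_root + os.sep)


def vet_archive(zip_bytes: bytes, dest_dir: str) -> tuple:
    """Split an uploaded archive's entries into (accepted, rejected) names.

    A restore routine should refuse the whole upload if 'rejected' is non-empty.
    """
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            bucket = accepted if is_safe_member(info.filename, dest_dir) else rejected
            bucket.append(info.filename)
    return accepted, rejected


def build_sample_archive() -> bytes:
    """Constructed sample: one legitimate config file plus two traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/settings.xml", "<settings/>")
        zf.writestr("../../bin/loader.dll", b"placeholder, not a real DLL")      # hypothetical name
        zf.writestr("..\\..\\bin\\loader2.dll", b"placeholder, not a real DLL")  # Windows-style separators
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = vet_archive(build_sample_archive(), "/tmp/sis-restore")
    print("accepted:", ok)
    print("rejected:", bad)
```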

Exploit: Path traversal

Weakness Enumeration: Relative Path Traversal

Related Identifiers: CVE-2022-1373, ZDI-22-1156

Affected Products: Softing Secure Integration Server