CVE-2022-2338

Name of the Vulnerable Software and Affected Versions Softing Secure Integration Server version V1.22

Description The issue allows for authentication bypass via a machine-in-the-middle attack. The administration interface is accessible via plaintext HTTP protocol by default, which facilitates the attack. An HTTP request may contain a session cookie that can be captured and used for authenticating to the server.

Recommendations For Softing Secure Integration Server version V1.22, consider disabling the administration interface's accessibility via plaintext HTTP protocol as a temporary workaround until a patch is available. Restrict access to the administration interface to minimize the risk of exploitation. Avoid using the session cookie in HTTP requests until the issue is resolved.