#VU66739 Improper Authentication in Softing AG products - CVE-2022-2336
Published: August 24, 2022 / Updated: August 24, 2022
Vulnerability identifier: #VU66739
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-2336
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Secure Integration Server
edgeConnector
edgeAggregator
Software vendor:
Softing AG
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists because the affected software ships with default administrator credentials (username "admin", password "admin") and does not ask the user to change the password. A remote attacker can bypass the authentication process and gain unauthorized access to the application.
Remediation
Install updates from the vendor's website.