{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-20T13:35:53.611","vulnerabilities":[{"cve":{"id":"CVE-2023-39482","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2024-05-03T03:15:14.793","lastModified":"2026-06-17T06:12:25.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within libopcuaclient.so. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-20610."},{"lang":"es","value":"Vulnerabilidad de divulgación de información de clave criptográfica codificada en el servidor de integración seguro de Softing. Esta vulnerabilidad permite a atacantes remotos revelar información confidencial sobre las instalaciones afectadas de Softing Secure Integration Server. Aunque se requiere autenticación para aprovechar esta vulnerabilidad, se puede omitir el mecanismo de autenticación existente. La falla específica existe dentro de libopcuaclient.so. El problema se debe a la codificación de claves criptográficas dentro del producto. Un atacante puede aprovechar esta vulnerabilidad para revelar las credenciales almacenadas, lo que provocaría un mayor commit. Era ZDI-CAN-20610."}],"affected":[{"source":"zdi-disclosures@trendmicro.com","affectedData":[{"vendor":"Softing","product":"Secure Integration Server","defaultStatus":"unknown","versions":[{"version":"1.22.8686","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-07-18T13:33:02.875353Z","id":"CVE-2023-39482","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*","versionEndExcluding":"3.70","matchCriteriaId":"5ED10461-171A-4AC4-A26E-43EA002D6716"},{"vulnerable":true,"criteria":"cpe:2.3:a:softing:edgeconnector:*:*:*:*:*:*:*:*","versionEndExcluding":"3.70","matchCriteriaId":"E3896509-18EA-4FCA-B96E-FC2053898665"},{"vulnerable":true,"criteria":"cpe:2.3:a:softing:secure_integration_server:*:*:*:*:*:*:*:*","versionEndExcluding":"1.30","matchCriteriaId":"6088DDC3-8E06-4782-8069-E3ABF8094A3D"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1064/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1064/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}