CVE-2022-22703

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.

Published: Jan 17, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-22703
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
stormshield / network_security	2.0.0	2.1.1
stormshield / network_security	3.0.0	3.0.2

https://advisories.stormshield.eu/2022-001

Vulnerability Database

289,697

CVE-2022-22703