CVE-2024-0860: Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator
First published: Thu Mar 14 2024(Updated: )
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Softing edgeConnector | ||
| Softing edgeAggregator | ||
| Softing edgeAggregator | =3.60 | |
| Softing edgeConnector | =3.60 |
Remedy
Update Softing edgeConnector and edgeAggregator to v3.70 or greater.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-0860?
CVE-2024-0860 is classified as a high-severity vulnerability.
What products are affected by CVE-2024-0860?
CVE-2024-0860 affects Softing edgeConnector and Softing edgeAggregator versions 3.60.
How do I fix CVE-2024-0860?
To fix CVE-2024-0860, ensure that sensitive information is transmitted over secure channels such as HTTPS.
What type of information is at risk in CVE-2024-0860?
CVE-2024-0860 exposes sensitive information due to cleartext transmission, which can be intercepted by attackers.
Could CVE-2024-0860 lead to other attacks?
Yes, attackers could use the information captured from CVE-2024-0860 to craft their own malicious requests.
- agent/remedy
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/softing
- canonical/softing edgeaggregator
- version/softing edgeaggregator/3.60
- canonical/softing edgeconnector
- version/softing edgeconnector/3.60