Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for snow_license_manager by snowsoftware

    CVE-2023-3937 (GCVE-0-2023-3937)

    Vulnerability from nvd – Published: 2023-08-11 11:28 – Updated: 2024-10-03 20:27
    VLAI
    Title
    Cross site scripting vulnerabilities in Snow License Manager
    Summary
    Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Snow Software Snow License Manager Affected: 9.0.0 , ≤ 9.30.1 (0)
    Create a notification for this product.
    Date Public
    2023-08-11 01:00
    Credits
    Can Doğu & Himanshu Giri
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T20:27:08.462859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:27:22.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit",
                "32 bit"
              ],
              "product": "Snow License Manager",
              "vendor": "Snow Software",
              "versions": [
                {
                  "lessThanOrEqual": "9.30.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Can Do\u011fu \u0026 Himanshu Giri"
            }
          ],
          "datePublic": "2023-08-11T01:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"
                }
              ],
              "value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-11T13:53:50.811Z",
            "orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
            "shortName": "Snow"
          },
          "references": [
            {
              "url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to SLM version 9.30.2"
                }
              ],
              "value": "Upgrade to SLM version 9.30.2"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Cross site scripting vulnerabilities in Snow License Manager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
        "assignerShortName": "Snow",
        "cveId": "CVE-2023-3937",
        "datePublished": "2023-08-11T11:28:30.185Z",
        "dateReserved": "2023-07-25T13:29:16.203Z",
        "dateUpdated": "2024-10-03T20:27:22.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3864 (GCVE-0-2023-3864)

    Vulnerability from nvd – Published: 2023-08-11 11:24 – Updated: 2024-10-09 19:13
    VLAI
    Title
    SQL injection vulnerability in Snow License Manager
    Summary
    Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Snow Software SLM Affected: 8.0.0 , ≤ 9.30.1 (0)
    Create a notification for this product.
    snowsoftware snow_license_manager Affected: 8.0.0 , ≤ 9.30.1 (custom)
        cpe:2.3:a:snowsoftware:snow_license_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-11 13:00
    Credits
    Can Doğu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:snowsoftware:snow_license_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "snow_license_manager",
                "vendor": "snowsoftware",
                "versions": [
                  {
                    "lessThanOrEqual": "9.30.1",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:10:50.874637Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:13:07.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit",
                "32 bit"
              ],
              "product": "SLM",
              "vendor": "Snow Software",
              "versions": [
                {
                  "lessThanOrEqual": "9.30.1",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Can Do\u011fu"
            }
          ],
          "datePublic": "2023-08-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal."
                }
              ],
              "value": "Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-7",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-7 Blind SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-11T11:24:05.823Z",
            "orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
            "shortName": "Snow"
          },
          "references": [
            {
              "url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 9.30.2 or if running 9.27.0 apply the hotfix 9.27.1"
                }
              ],
              "value": "Upgrade to version 9.30.2 or if running 9.27.0 apply the hotfix 9.27.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SQL injection vulnerability in Snow License Manager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
        "assignerShortName": "Snow",
        "cveId": "CVE-2023-3864",
        "datePublished": "2023-08-11T11:24:05.823Z",
        "dateReserved": "2023-07-24T13:51:33.771Z",
        "dateUpdated": "2024-10-09T19:13:07.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2679 (GCVE-0-2023-2679)

    Vulnerability from nvd – Published: 2023-05-17 12:55 – Updated: 2025-03-05 18:59
    VLAI
    Title
    Data leakage in Adobe connector for SPE edition of SLM
    Summary
    Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Snow Software SPE SLM Affected: 9.27.0 , < 9.30.0 (0)
    Create a notification for this product.
    Date Public
    2023-05-17 12:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:03.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2679",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:36:59.400645Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:59:17.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Adobe Connector"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "SPE SLM",
              "vendor": "Snow Software",
              "versions": [
                {
                  "lessThan": "9.30.0",
                  "status": "affected",
                  "version": "9.27.0",
                  "versionType": "0"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T12:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data."
                }
              ],
              "value": "Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-17T12:56:03.381Z",
            "orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
            "shortName": "Snow"
          },
          "references": [
            {
              "url": "https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHotfix is ready for 9.27.0, 9.27.1, 9.28.0 and 9.29.0. Will be included from 9.30.0\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Hotfix is ready for 9.27.0, 9.27.1, 9.28.0 and 9.29.0. Will be included from 9.30.0\n"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Data leakage in Adobe connector for SPE edition of SLM",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
        "assignerShortName": "Snow",
        "cveId": "CVE-2023-2679",
        "datePublished": "2023-05-17T12:55:58.193Z",
        "dateReserved": "2023-05-12T09:08:48.538Z",
        "dateUpdated": "2025-03-05T18:59:17.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0883 (GCVE-0-2022-0883)

    Vulnerability from nvd – Published: 2022-05-18 16:37 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Windows Unquoted/Trusted Service Paths
    Summary
    SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    References
    Impacted products
    Credits
    Software One
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:41.940Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snow License Manager",
              "vendor": "SNOW",
              "versions": [
                {
                  "status": "affected",
                  "version": "9 *"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Software One"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:37:50.000Z",
            "orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
            "shortName": "Snow"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to SLM SLM 9.20.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Windows Unquoted/Trusted Service Paths",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@snowsoftware.com",
              "ID": "CVE-2022-0883",
              "STATE": "PUBLIC",
              "TITLE": "Windows Unquoted/Trusted Service Paths"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snow License Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "*"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SNOW"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Software One"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-428 Unquoted Search Path or Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO",
                  "refsource": "MISC",
                  "url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to SLM SLM 9.20.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
        "assignerShortName": "Snow",
        "cveId": "CVE-2022-0883",
        "datePublished": "2022-05-18T16:37:50.000Z",
        "dateReserved": "2022-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:41.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3937 (GCVE-0-2023-3937)

    Vulnerability from cvelistv5 – Published: 2023-08-11 11:28 – Updated: 2024-10-03 20:27
    VLAI
    Title
    Cross site scripting vulnerabilities in Snow License Manager
    Summary
    Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Snow Software Snow License Manager Affected: 9.0.0 , ≤ 9.30.1 (0)
    Create a notification for this product.
    Date Public
    2023-08-11 01:00
    Credits
    Can Doğu & Himanshu Giri
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T20:27:08.462859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:27:22.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit",
                "32 bit"
              ],
              "product": "Snow License Manager",
              "vendor": "Snow Software",
              "versions": [
                {
                  "lessThanOrEqual": "9.30.1",
                  "status": "affected",
                  "version": "9.0.0",
                  "versionType": "0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Can Do\u011fu \u0026 Himanshu Giri"
            }
          ],
          "datePublic": "2023-08-11T01:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"
                }
              ],
              "value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-11T13:53:50.811Z",
            "orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
            "shortName": "Snow"
          },
          "references": [
            {
              "url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to SLM version 9.30.2"
                }
              ],
              "value": "Upgrade to SLM version 9.30.2"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Cross site scripting vulnerabilities in Snow License Manager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
        "assignerShortName": "Snow",
        "cveId": "CVE-2023-3937",
        "datePublished": "2023-08-11T11:28:30.185Z",
        "dateReserved": "2023-07-25T13:29:16.203Z",
        "dateUpdated": "2024-10-03T20:27:22.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3864 (GCVE-0-2023-3864)

    Vulnerability from cvelistv5 – Published: 2023-08-11 11:24 – Updated: 2024-10-09 19:13
    VLAI
    Title
    SQL injection vulnerability in Snow License Manager
    Summary
    Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Snow Software SLM Affected: 8.0.0 , ≤ 9.30.1 (0)
    Create a notification for this product.
    snowsoftware snow_license_manager Affected: 8.0.0 , ≤ 9.30.1 (custom)
        cpe:2.3:a:snowsoftware:snow_license_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-11 13:00
    Credits
    Can Doğu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:snowsoftware:snow_license_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "snow_license_manager",
                "vendor": "snowsoftware",
                "versions": [
                  {
                    "lessThanOrEqual": "9.30.1",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3864",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:10:50.874637Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:13:07.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit",
                "32 bit"
              ],
              "product": "SLM",
              "vendor": "Snow Software",
              "versions": [
                {
                  "lessThanOrEqual": "9.30.1",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Can Do\u011fu"
            }
          ],
          "datePublic": "2023-08-11T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal."
                }
              ],
              "value": "Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-7",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-7 Blind SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-11T11:24:05.823Z",
            "orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
            "shortName": "Snow"
          },
          "references": [
            {
              "url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 9.30.2 or if running 9.27.0 apply the hotfix 9.27.1"
                }
              ],
              "value": "Upgrade to version 9.30.2 or if running 9.27.0 apply the hotfix 9.27.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SQL injection vulnerability in Snow License Manager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
        "assignerShortName": "Snow",
        "cveId": "CVE-2023-3864",
        "datePublished": "2023-08-11T11:24:05.823Z",
        "dateReserved": "2023-07-24T13:51:33.771Z",
        "dateUpdated": "2024-10-09T19:13:07.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2679 (GCVE-0-2023-2679)

    Vulnerability from cvelistv5 – Published: 2023-05-17 12:55 – Updated: 2025-03-05 18:59
    VLAI
    Title
    Data leakage in Adobe connector for SPE edition of SLM
    Summary
    Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Snow Software SPE SLM Affected: 9.27.0 , < 9.30.0 (0)
    Create a notification for this product.
    Date Public
    2023-05-17 12:52
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:03.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2679",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-05T18:36:59.400645Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-05T18:59:17.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Adobe Connector"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "SPE SLM",
              "vendor": "Snow Software",
              "versions": [
                {
                  "lessThan": "9.30.0",
                  "status": "affected",
                  "version": "9.27.0",
                  "versionType": "0"
                }
              ]
            }
          ],
          "datePublic": "2023-05-17T12:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data."
                }
              ],
              "value": "Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-17T12:56:03.381Z",
            "orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
            "shortName": "Snow"
          },
          "references": [
            {
              "url": "https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHotfix is ready for 9.27.0, 9.27.1, 9.28.0 and 9.29.0. Will be included from 9.30.0\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Hotfix is ready for 9.27.0, 9.27.1, 9.28.0 and 9.29.0. Will be included from 9.30.0\n"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Data leakage in Adobe connector for SPE edition of SLM",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
        "assignerShortName": "Snow",
        "cveId": "CVE-2023-2679",
        "datePublished": "2023-05-17T12:55:58.193Z",
        "dateReserved": "2023-05-12T09:08:48.538Z",
        "dateUpdated": "2025-03-05T18:59:17.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0883 (GCVE-0-2022-0883)

    Vulnerability from cvelistv5 – Published: 2022-05-18 16:37 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Windows Unquoted/Trusted Service Paths
    Summary
    SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    References
    Impacted products
    Credits
    Software One
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:41.940Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Snow License Manager",
              "vendor": "SNOW",
              "versions": [
                {
                  "status": "affected",
                  "version": "9 *"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Software One"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T16:37:50.000Z",
            "orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
            "shortName": "Snow"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to SLM SLM 9.20.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Windows Unquoted/Trusted Service Paths",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@snowsoftware.com",
              "ID": "CVE-2022-0883",
              "STATE": "PUBLIC",
              "TITLE": "Windows Unquoted/Trusted Service Paths"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Snow License Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "9",
                                "version_value": "*"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SNOW"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Software One"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-428 Unquoted Search Path or Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO",
                  "refsource": "MISC",
                  "url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to SLM SLM 9.20.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
        "assignerShortName": "Snow",
        "cveId": "CVE-2022-0883",
        "datePublished": "2022-05-18T16:37:50.000Z",
        "dateReserved": "2022-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:41.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }