Search criteria
8 vulnerabilities found for snow_license_manager by snowsoftware
CVE-2023-3937 (GCVE-0-2023-3937)
Vulnerability from nvd – Published: 2023-08-11 11:28 – Updated: 2024-10-03 20:27
VLAI?
Title
Cross site scripting vulnerabilities in Snow License Manager
Summary
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Snow Software | Snow License Manager |
Affected:
9.0.0 , ≤ 9.30.1
(0)
|
Credits
Can Doğu & Himanshu Giri
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T20:27:08.462859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T20:27:22.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86",
"64 bit",
"32 bit"
],
"product": "Snow License Manager",
"vendor": "Snow Software",
"versions": [
{
"lessThanOrEqual": "9.30.1",
"status": "affected",
"version": "9.0.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Can Do\u011fu \u0026 Himanshu Giri"
}
],
"datePublic": "2023-08-11T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"
}
],
"value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T13:53:50.811Z",
"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"shortName": "Snow"
},
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to SLM version 9.30.2"
}
],
"value": "Upgrade to SLM version 9.30.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross site scripting vulnerabilities in Snow License Manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"assignerShortName": "Snow",
"cveId": "CVE-2023-3937",
"datePublished": "2023-08-11T11:28:30.185Z",
"dateReserved": "2023-07-25T13:29:16.203Z",
"dateUpdated": "2024-10-03T20:27:22.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3864 (GCVE-0-2023-3864)
Vulnerability from nvd – Published: 2023-08-11 11:24 – Updated: 2024-10-09 19:13
VLAI?
Title
SQL injection vulnerability in Snow License Manager
Summary
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Snow Software | SLM |
Affected:
8.0.0 , ≤ 9.30.1
(0)
|
Credits
Can Doğu
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snowsoftware:snow_license_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "snow_license_manager",
"vendor": "snowsoftware",
"versions": [
{
"lessThanOrEqual": "9.30.1",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:10:50.874637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:13:07.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86",
"64 bit",
"32 bit"
],
"product": "SLM",
"vendor": "Snow Software",
"versions": [
{
"lessThanOrEqual": "9.30.1",
"status": "affected",
"version": "8.0.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Can Do\u011fu"
}
],
"datePublic": "2023-08-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal."
}
],
"value": "Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T11:24:05.823Z",
"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"shortName": "Snow"
},
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 9.30.2 or if running 9.27.0 apply the hotfix 9.27.1"
}
],
"value": "Upgrade to version 9.30.2 or if running 9.27.0 apply the hotfix 9.27.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection vulnerability in Snow License Manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"assignerShortName": "Snow",
"cveId": "CVE-2023-3864",
"datePublished": "2023-08-11T11:24:05.823Z",
"dateReserved": "2023-07-24T13:51:33.771Z",
"dateUpdated": "2024-10-09T19:13:07.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2679 (GCVE-0-2023-2679)
Vulnerability from nvd – Published: 2023-05-17 12:55 – Updated: 2025-03-05 18:59
VLAI?
Title
Data leakage in Adobe connector for SPE edition of SLM
Summary
Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.
Severity ?
4.1 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Snow Software | SPE SLM |
Affected:
9.27.0 , < 9.30.0
(0)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:03.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:36:59.400645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:59:17.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Adobe Connector"
],
"platforms": [
"Windows"
],
"product": "SPE SLM",
"vendor": "Snow Software",
"versions": [
{
"lessThan": "9.30.0",
"status": "affected",
"version": "9.27.0",
"versionType": "0"
}
]
}
],
"datePublic": "2023-05-17T12:52:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data."
}
],
"value": "Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T12:56:03.381Z",
"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"shortName": "Snow"
},
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHotfix is ready for 9.27.0, 9.27.1, 9.28.0 and 9.29.0. Will be included from 9.30.0\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Hotfix is ready for 9.27.0, 9.27.1, 9.28.0 and 9.29.0. Will be included from 9.30.0\n"
}
],
"source": {
"discovery": "USER"
},
"title": "Data leakage in Adobe connector for SPE edition of SLM",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"assignerShortName": "Snow",
"cveId": "CVE-2023-2679",
"datePublished": "2023-05-17T12:55:58.193Z",
"dateReserved": "2023-05-12T09:08:48.538Z",
"dateUpdated": "2025-03-05T18:59:17.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0883 (GCVE-0-2022-0883)
Vulnerability from nvd – Published: 2022-05-18 16:37 – Updated: 2024-08-02 23:47
VLAI?
Title
Windows Unquoted/Trusted Service Paths
Summary
SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.
Severity ?
7.3 (High)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SNOW | Snow License Manager |
Affected:
9 *
|
Credits
Software One
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:41.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snow License Manager",
"vendor": "SNOW",
"versions": [
{
"status": "affected",
"version": "9 *"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Software One"
}
],
"descriptions": [
{
"lang": "en",
"value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:37:50",
"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"shortName": "Snow"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to SLM SLM 9.20.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Windows Unquoted/Trusted Service Paths",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@snowsoftware.com",
"ID": "CVE-2022-0883",
"STATE": "PUBLIC",
"TITLE": "Windows Unquoted/Trusted Service Paths"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snow License Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "*"
}
]
}
}
]
},
"vendor_name": "SNOW"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Software One"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO",
"refsource": "MISC",
"url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to SLM SLM 9.20.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"assignerShortName": "Snow",
"cveId": "CVE-2022-0883",
"datePublished": "2022-05-18T16:37:50",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-08-02T23:47:41.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3937 (GCVE-0-2023-3937)
Vulnerability from cvelistv5 – Published: 2023-08-11 11:28 – Updated: 2024-10-03 20:27
VLAI?
Title
Cross site scripting vulnerabilities in Snow License Manager
Summary
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Snow Software | Snow License Manager |
Affected:
9.0.0 , ≤ 9.30.1
(0)
|
Credits
Can Doğu & Himanshu Giri
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T20:27:08.462859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T20:27:22.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86",
"64 bit",
"32 bit"
],
"product": "Snow License Manager",
"vendor": "Snow Software",
"versions": [
{
"lessThanOrEqual": "9.30.1",
"status": "affected",
"version": "9.0.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Can Do\u011fu \u0026 Himanshu Giri"
}
],
"datePublic": "2023-08-11T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"
}
],
"value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T13:53:50.811Z",
"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"shortName": "Snow"
},
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to SLM version 9.30.2"
}
],
"value": "Upgrade to SLM version 9.30.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross site scripting vulnerabilities in Snow License Manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"assignerShortName": "Snow",
"cveId": "CVE-2023-3937",
"datePublished": "2023-08-11T11:28:30.185Z",
"dateReserved": "2023-07-25T13:29:16.203Z",
"dateUpdated": "2024-10-03T20:27:22.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3864 (GCVE-0-2023-3864)
Vulnerability from cvelistv5 – Published: 2023-08-11 11:24 – Updated: 2024-10-09 19:13
VLAI?
Title
SQL injection vulnerability in Snow License Manager
Summary
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.
Severity ?
7.2 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Snow Software | SLM |
Affected:
8.0.0 , ≤ 9.30.1
(0)
|
Credits
Can Doğu
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snowsoftware:snow_license_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "snow_license_manager",
"vendor": "snowsoftware",
"versions": [
{
"lessThanOrEqual": "9.30.1",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:10:50.874637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:13:07.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86",
"64 bit",
"32 bit"
],
"product": "SLM",
"vendor": "Snow Software",
"versions": [
{
"lessThanOrEqual": "9.30.1",
"status": "affected",
"version": "8.0.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Can Do\u011fu"
}
],
"datePublic": "2023-08-11T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal."
}
],
"value": "Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T11:24:05.823Z",
"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"shortName": "Snow"
},
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 9.30.2 or if running 9.27.0 apply the hotfix 9.27.1"
}
],
"value": "Upgrade to version 9.30.2 or if running 9.27.0 apply the hotfix 9.27.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection vulnerability in Snow License Manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"assignerShortName": "Snow",
"cveId": "CVE-2023-3864",
"datePublished": "2023-08-11T11:24:05.823Z",
"dateReserved": "2023-07-24T13:51:33.771Z",
"dateUpdated": "2024-10-09T19:13:07.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2679 (GCVE-0-2023-2679)
Vulnerability from cvelistv5 – Published: 2023-05-17 12:55 – Updated: 2025-03-05 18:59
VLAI?
Title
Data leakage in Adobe connector for SPE edition of SLM
Summary
Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.
Severity ?
4.1 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Snow Software | SPE SLM |
Affected:
9.27.0 , < 9.30.0
(0)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:03.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:36:59.400645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:59:17.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Adobe Connector"
],
"platforms": [
"Windows"
],
"product": "SPE SLM",
"vendor": "Snow Software",
"versions": [
{
"lessThan": "9.30.0",
"status": "affected",
"version": "9.27.0",
"versionType": "0"
}
]
}
],
"datePublic": "2023-05-17T12:52:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data."
}
],
"value": "Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T12:56:03.381Z",
"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"shortName": "Snow"
},
"references": [
{
"url": "https://community.snowsoftware.com/s/feed/0D56M00009Ex9dySAB"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHotfix is ready for 9.27.0, 9.27.1, 9.28.0 and 9.29.0. Will be included from 9.30.0\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Hotfix is ready for 9.27.0, 9.27.1, 9.28.0 and 9.29.0. Will be included from 9.30.0\n"
}
],
"source": {
"discovery": "USER"
},
"title": "Data leakage in Adobe connector for SPE edition of SLM",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"assignerShortName": "Snow",
"cveId": "CVE-2023-2679",
"datePublished": "2023-05-17T12:55:58.193Z",
"dateReserved": "2023-05-12T09:08:48.538Z",
"dateUpdated": "2025-03-05T18:59:17.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0883 (GCVE-0-2022-0883)
Vulnerability from cvelistv5 – Published: 2022-05-18 16:37 – Updated: 2024-08-02 23:47
VLAI?
Title
Windows Unquoted/Trusted Service Paths
Summary
SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.
Severity ?
7.3 (High)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SNOW | Snow License Manager |
Affected:
9 *
|
Credits
Software One
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:41.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snow License Manager",
"vendor": "SNOW",
"versions": [
{
"status": "affected",
"version": "9 *"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Software One"
}
],
"descriptions": [
{
"lang": "en",
"value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T16:37:50",
"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"shortName": "Snow"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to SLM SLM 9.20.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Windows Unquoted/Trusted Service Paths",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@snowsoftware.com",
"ID": "CVE-2022-0883",
"STATE": "PUBLIC",
"TITLE": "Windows Unquoted/Trusted Service Paths"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snow License Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "9",
"version_value": "*"
}
]
}
}
]
},
"vendor_name": "SNOW"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Software One"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO",
"refsource": "MISC",
"url": "https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to SLM SLM 9.20.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
"assignerShortName": "Snow",
"cveId": "CVE-2022-0883",
"datePublished": "2022-05-18T16:37:50",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-08-02T23:47:41.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}