Lucene search

[email protected]CVE-2023-3864

HistoryAug 11, 2023 - 12:15 p.m.

CVE-2023-3864

2023-08-1112:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-3864

snow software

sql injection

nvd

security vulnerability

windows

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.

Affected configurations

NVD

Node

snowsoftwaresnow_license_managerRange8.0.0–9.30.1service_provider

AND

microsoftwindowsMatch-

CPENameOperatorVersion
snowsoftware:snow_license_managersnowsoftware snow license managerle9.30.1

CPE	Name	Operator	Version
snowsoftware:snow_license_manager	snowsoftware snow license manager	le	9.30.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "x86",
      "64 bit",
      "32 bit"
    ],
    "product": "SLM",
    "vendor": "Snow Software",
    "versions": [
      {
        "lessThanOrEqual": "9.30.1",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "0"
      }
    ]
  }
]

References

community.snowsoftware.com/s/feed/0D56M00009gUexuSAC

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for CVE-2023-3864

nvd1 prion1 cvelist1