Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.
References
Link | Resource |
---|---|
https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
15 Feb 2024, 17:52
Type | Values Removed | Values Added |
---|---|---|
First Time |
Snowsoftware
Microsoft windows Snowsoftware snow Inventory Agent Apple Apple macos Microsoft Linux linux Kernel Linux |
|
CWE | CWE-347 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | () https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK - Vendor Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:snowsoftware:snow_inventory_agent:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:snowsoftware:snow_inventory_agent:6.12.0:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
08 Feb 2024, 13:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-08 13:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-1149
Mitre link : CVE-2024-1149
CVE.ORG link : CVE-2024-1149
JSON object : View
Products Affected
linux
- linux_kernel
microsoft
- windows
apple
- macos
snowsoftware
- snow_inventory_agent
CWE
CWE-347
Improper Verification of Cryptographic Signature