Aggregates CVE and security vulnerability intelligence across all snapt-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf and vendor risk command injection and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-24237 | The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. | [email protected] | 8.8 | 23.45% | 2022-03-21 | 2024-11-21 |
| CVE-2022-24236 | An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts. | [email protected] | 3.5 | 0.34% | 2022-03-21 | 2024-11-21 |
| CVE-2022-24235 | A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. | [email protected] | 8.8 | 0.16% | 2022-03-21 | 2024-11-21 |