Lucene search

SnowCVELIST:CVE-2024-4129

HistoryMay 10, 2024 - 6:55 a.m.

CVE-2024-4129 Authentication bypass in Snow License Manager

2024-05-1006:55:53

CWE-287

Snow

www.cve.org

cve-2024-4129

authentication bypass

snow license manager

improper authentication

windows

active directory

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is enabled.This issue affects Snow License Manager: from 9.33.2 through 9.34.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Snow License Manager",
    "vendor": "Snow Software AB",
    "versions": [
      {
        "lessThanOrEqual": "9.34.0",
        "status": "affected",
        "version": "9.33.2",
        "versionType": "custom"
      }
    ]
  }
]

References

community.snowsoftware.com/s/feed/0D5Td000008dv8sKAA

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-4129