4 matches found
CVE-2022-0883
Snow License Manager (SLM) 9.x.x prior to 9.20.1 is affected by a Windows Unquoted/Trusted Service Paths issue (CVE-2022-0883). The vulnerability is described across multiple sources as a security issue in SLM’s Windows service path handling. A patch to version 9.20.1 or later is recommended to r...
CVE-2023-2679
CVE-2023-2679 affects Snow Software SPE 9.27.0 on Windows, via the Adobe connector, enabling a privileged user to observe other users’ data due to privilege-management issues. Official sources (NVD) cite data leakage with CVSS 3.1 base scores around 4.1–4.3 (MEDIUM). No patch/version fix is docum...
CVE-2023-3864
CVE-2023-3864 describes a blind SQL injection vulnerability in the Snow Software License Manager web portal. Affected versions are 8.0.0 through 9.30.1 on Windows. The issue allows a logged-in user with high privileges to inject SQL commands via the web portal, with impacts on confidentiality, in...
CVE-2023-3937
Snow Software License Manager (web portal) versions 9.0.0–9.30.1 on Windows are affected by a cross-site scripting vulnerability. An authenticated user with high privileges can trigger XSS via the web browser; the issue originates in the web portal and affects the stated versions. Exploitation de...