CVE-2023-2679 : Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows pr

Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.

Published 2023-05-17 13:15:09

Updated 2023-05-25 19:38:26

Source Snow Software

View at NVD, CVE.org

Products affected by CVE-2023-2679

Snowsoftware » Snow License Manager » Service Provider Edition
Versions from including (>=) 9.27 and before (<) 9.30
cpe:2.3:a:snowsoftware:snow_license_manager:*:*:*:*:service_provider:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 29 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N	2.3	1.4	Snow Software
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: Low Integrity: None Availability: None

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: security@snowsoftware.com (Secondary)

Jump to