CVE-2023-3864

Name of the Vulnerable Software and Affected Versions Snow Software license manager versions 8.0.0 through 9.30.1

Description The issue is related to a blind SQL injection in a service running in the Snow Software license manager. This allows a logged-in user with high privileges to inject SQL commands via the web portal.

Recommendations For versions 8.0.0 through 9.30.1, consider restricting access to the web portal to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.