PT-2023-26898 · Snow · Software License Manager
Published: 2023-08-11 · Updated: 2023-08-18 · CVE-2023-3937
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Snow Software License Manager versions 9.0.0 through 9.30.1
Description
The issue is a cross-site scripting (XSS) vulnerability in the web portal of Snow Software License Manager. It allows an authenticated user with high privileges to trigger a cross-site scripting attack via the web browser.
Recommendations
For Snow Software License Manager versions 9.0.0 through 9.30.1, consider restricting access to the web portal until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.
Fix
XSS
Affected Products
Software License Manager