PT-2023-6623 · Adobe+1 · Connector+1
Published
2023-05-17
·
Updated
2023-05-25
·
CVE-2023-2679
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Snow Software SPE version 9.27.0
Description
The issue is related to data leakage in the Adobe connector of Snow Software SPE, allowing a privileged user to observe other users' data. This is connected to errors in privilege management. The exploitation of this issue can lead to unauthorized access to protected information.
Recommendations
For Snow Software SPE version 9.27.0, consider restricting access to the Adobe connector to minimize the risk of data leakage until a patch is available. As a temporary workaround, limit the privileges of users who have access to the Adobe connector to prevent them from observing other users' data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Connector
Snow Software Spe