CVE-2024-1149

Name of the Vulnerable Software and Affected Versions Snow Software Inventory Agent versions prior to 6.12.0 Snow Software Inventory Agent versions prior to 6.14.5 Snow Software Inventory Agent versions prior to 6.7.2

Description The issue is related to an Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent, which allows File Manipulation through Snow Update Packages. This vulnerability affects Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, and Snow Software Inventory Agent on Linux.

Recommendations For versions prior to 6.12.0, update to a version later than 6.12.0 to resolve the issue. For versions prior to 6.14.5, update to a version later than 6.14.5 to resolve the issue. For versions prior to 6.7.2, update to a version later than 6.7.2 to resolve the issue. As a temporary workaround, consider restricting access to Snow Update Packages until a patch is available.