Lucene search

SnowCVE-2024-4129

HistoryMay 14, 2024 - 3:42 p.m.

CVE-2024-4129

2024-05-1415:42:57

CWE-287

Snow

web.nvd.nist.gov

snow software ab

authentication bypass

windows

networked attacker

active directory

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is enabled.This issue affects Snow License Manager: from 9.33.2 through 9.34.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Snow License Manager",
    "vendor": "Snow Software AB",
    "versions": [
      {
        "lessThanOrEqual": "9.34.0",
        "status": "affected",
        "version": "9.33.2",
        "versionType": "custom"
      }
    ]
  }
]

References

community.snowsoftware.com/s/feed/0D5Td000008dv8sKAA

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-4129