CVE-2023-2679: Data leakage in Adobe connector for SPE edition of SLM
Published May 17, 2023
·Updated
Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.
Affected Software
2 affected components
Snowsoftware Snow License Manager>=9.27<9.30
Microsoft Windows
Remediation
Information
Hotfix is ready for 9.27.0, 9.27.1, 9.28.0 and 9.29.0. Will be included from 9.30.0
Event History
May 17, 2023
CVE Published
via MITRE·12:55 PM
Data Sourced
via MITRE·12:55 PM
RemedyDescriptionSeverityWeakness
Frequently Asked Questions
1
What is CVE-2023-2679?
CVE-2023-2679 is a vulnerability in the Adobe connector in Snow Software SPE 9.27.0 on Windows that allows a privileged user to observe other users' data.
2
What is the severity of CVE-2023-2679?
The severity of CVE-2023-2679 is medium (4.3).
3
How does CVE-2023-2679 impact Snow Software SPE?
CVE-2023-2679 allows a privileged user to observe other users' data in the Adobe connector of Snow Software SPE 9.27.0 on Windows.
4
Is Snow License Manager affected by CVE-2023-2679?
Yes, Snow License Manager version 9.27.0 to 9.30.0 is affected by CVE-2023-2679.
5
Is Microsoft Windows affected by CVE-2023-2679?
No, Microsoft Windows is not vulnerable to CVE-2023-2679.
6
How can I fix CVE-2023-2679?
To fix CVE-2023-2679, it is recommended to update Snow Software SPE to a version above 9.30.0.