What is CVE-2023-3864?

CVE-2023-3864 is a vulnerability that allows a logged in user with high privileges to conduct blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows.

How can a user exploit CVE-2023-3864?

A user with high privileges can inject SQL commands via the web portal of the Snow Software license manager.

What is the severity of CVE-2023-3864?

CVE-2023-3864 has a severity rating of high (7.2).

Which software versions are affected by CVE-2023-3864?

CVE-2023-3864 affects Snow Software license manager versions 8.0.0 up to and including 9.30.1 on Windows.

Is Microsoft Windows affected by CVE-2023-3864?

No, Microsoft Windows is not vulnerable to CVE-2023-3864.

Vulnerability/
CVE-2023-3864

high

7.2

CWE

11/8/2023

9/10/2024

CVE-2023-3864: SQL injection vulnerability in Snow License Manager

First published: Fri Aug 11 2023(Updated: )

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.

Credit: security@snowsoftware.com security@snowsoftware.com

Affected Software	Affected Version	How to fix
Snowsoftware Snow License Manager	>=8.0.0<=9.30.1
Microsoft Windows

Remedy

Upgrade to version 9.30.2 or if running 9.27.0 apply the hotfix 9.27.1

Never miss a vulnerability like this again

Reference Links

https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC

Frequently Asked Questions

What is CVE-2023-3864?
CVE-2023-3864 is a vulnerability that allows a logged in user with high privileges to conduct blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows.
How can a user exploit CVE-2023-3864?
A user with high privileges can inject SQL commands via the web portal of the Snow Software license manager.
What is the severity of CVE-2023-3864?
CVE-2023-3864 has a severity rating of high (7.2).
Which software versions are affected by CVE-2023-3864?
CVE-2023-3864 affects Snow Software license manager versions 8.0.0 up to and including 9.30.1 on Windows.
Is Microsoft Windows affected by CVE-2023-3864?
No, Microsoft Windows is not vulnerable to CVE-2023-3864.

collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/last-modified-date
agent/remedy
agent/severity
agent/references
agent/event
agent/description
agent/tags
agent/first-publish-date
vendor/snowsoftware
canonical/snowsoftware snow license manager
version/snowsoftware snow license manager/8.0.0
version/snowsoftware snow license manager/9.30.1
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.