CVE-2023-3937

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 11, 2023
Updated: Aug 18, 2023
CWE ID 312

Summary

CVE-2023-3937 is a cross-site scripting (XSS) vulnerability identified in the Snow Software License Manager web portal from versions 9.0.0 to 9.30.1 running on Windows. This issue permits an authenticated user with elevated privileges to execute malicious scripts in the web browser of other users, potentially leading to data theft or unauthorized system access. Exploitation of this vulnerability requires user interaction and could result in severe security consequences. It is recommended that affected organizations upgrade to the latest version or implement mitigations to protect against XSS attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • FUJITSU Software Infrastructure Manager

Affected Vendors

  • Fujitsu Limited