CVE-2024-1149

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.

More information : https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK

Attack vector : LOCAL
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : NONE
Integrity impact : HIGH
Base score : 5.5
Base severity : MEDIUM
Exploitability score : 1.8
Impact score : 3.6