CVE-2023-29081 – InstallShield Symlink Vulnerability Affecting Suite Project Setups
https://notcve.org/view.php?id=CVE-2023-29081
A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. Se ha informado de una vulnerabilidad en Suite Setups creadas con versiones anteriores a InstallShield 2023 R2. Esta vulnerabilidad puede permitir que los usuarios autenticados localmente provoquen una condición de denegación de servicio (DoS) al manejar operaciones de movimiento en carpetas locales temporales. • https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-29081-InstallShield-Symlink-Vulnerability-Affecting/ta-p/305052 • CWE-276: Incorrect Default Permissions •
CVE-2021-41526 – MindManager Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-41526
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action. MindManager suffers from a local privilege escalation vulnerability via MSI installer Repair Mode. • https://github.com/pawlokk/mindmanager-poc http://seclists.org/fulldisclosure/2024/Apr/24 https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md •
CVE-2019-8963
https://notcve.org/view.php?id=CVE-2019-8963
A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool. • https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8963-Remediated-in-FlexNet-Publisher/ta-p/148768 •
CVE-2017-6894
https://notcve.org/view.php?id=CVE-2017-6894
A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system. • https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/A-vulnerability-exists-in-FlexNet-Manager-Suite-release-2015-R2/ta-p/1891 • CWE-269: Improper Privilege Management •
CVE-2021-41525
https://notcve.org/view.php?id=CVE-2021-41525
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. Se presenta un problema relacionado con la modificación de archivos que de otro modo estarían restringidos mediante un atacante autenticado localmente en FlexNet inventory agent and inventory beacon versiones 2020 R2.5 y anteriores • https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/FlexNet-Inventory-Agent-and-Inventory-Beacon-Vulnerability/ta-p/204723 •