CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2658 – Local privilege escalation in FlexNet Publisher
https://notcve.org/view.php?id=CVE-2024-2658
01 Apr 2024 — A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Flexera... • https://community.flexera.com/s/article/cve-2024-2658-flexnet-publisher-potential-local-privilege-escalation-issue • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2023-29081 – InstallShield Symlink Vulnerability Affecting Suite Project Setups
https://notcve.org/view.php?id=CVE-2023-29081
26 Jan 2024 — A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. Se ha informado de una vulnerabilidad en Suite Setups creadas con versiones anteriores a InstallShield 2023 R2. Esta vulnerabilidad puede permitir que los usuarios autenticados localmente provoquen una condición de denegación de servicio (DoS) al ma... • https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2023-29081-InstallShield-Symlink-Vulnerability-Affecting/ta-p/305052 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-6894
https://notcve.org/view.php?id=CVE-2017-6894
29 Mar 2023 — A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system. • https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/A-vulnerability-exists-in-FlexNet-Manager-Suite-release-2015-R2/ta-p/1891 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8963
https://notcve.org/view.php?id=CVE-2019-8963
29 Mar 2023 — A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool. • https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8963-Remediated-in-FlexNet-Publisher/ta-p/148768 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-41526 – MindManager Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-41526
29 Mar 2023 — A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action. MindManager suffers from a local privilege escalation vulnerability via MSI installer Repair Mode. • https://packetstorm.news/files/id/178198 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41525
https://notcve.org/view.php?id=CVE-2021-41525
21 Sep 2021 — An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior. Se presenta un problema relacionado con la modificación de archivos que de otro modo estarían restringidos mediante un atacante autenticado localmente en FlexNet inventory agent and inventory beacon versiones 2020 R2.5 y anteriores • https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/FlexNet-Inventory-Agent-and-Inventory-Beacon-Vulnerability/ta-p/204723 •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12083
https://notcve.org/view.php?id=CVE-2020-12083
17 Sep 2021 — An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). Un problema de elevación de privilegios relacionado con las llamadas de Spring MVC afecta a las versiones de Code Insight versiones v7.x y versiones hasta 2020 R1 (7.11.0-64) incluyéndola • https://community.flexera.com/t5/Code-Insight-Knowledge-Base/CVE-2020-12083-Remediated-in-Code-Insight/ta-p/169356 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12082
https://notcve.org/view.php?id=CVE-2020-12082
17 Sep 2021 — A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). Un problema de tipo cross-site scripting almacenado afecta a determinadas áreas de la interfaz de usuario web de las versiones de Code Insight versiones v7.x y versiones hasta 2020 R1 (7.11.0-64) incluyéndola • https://community.flexera.com/t5/Code-Insight-Knowledge-Base/CVE-2020-12082-Remediated-in-Code-Insight/ta-p/169353 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12080
https://notcve.org/view.php?id=CVE-2020-12080
17 Sep 2021 — A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. Se ha identificado una vulnerabilidad de denegación de servicio en el archivo lmadmin.exe de FlexNet Publisher versión 11.16.6. Un determinado protocolo de mensajes puede ser explotado para causar un bloqueo de lmadmin • https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12081
https://notcve.org/view.php?id=CVE-2020-12081
31 Jul 2020 — An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the system. Se ha identificado una vulnerabilidad de divulgación de información en FlexNet Publisher lmadmin.exe versión 11.14.0.2. El enlace del portal web puede ser usado para acceder a los archivos del sistema u otros archivos importantes en el sistema • https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12081-Remediated-in-FlexNet-Publisher/ta-p/153505 •