ICSA-19-323-01 · Published 2019-11-19 · View on CISA ICS-CERT ↗

Flexera FlexNet Publisher

CVSS 9.8 CRITICAL

Risk Summary

These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution.

CVEs (4)

CVE-2018-20031 CVE-2018-20032 CVE-2018-20033 CVE-2018-20034

Remediations

Flexera recommends all users using affected versions of FlexNet Publisher upgrade to Version 2018 R4 or newer as soon as possible. The updates can be obtained with a customer account at the following location (login required):
More information on this issue can be found at the following location on the Flexera site:

Affected Vendors

Flexera

Affected Products (1)

Flexera · FlexNet Publisher <= 2018 R3

Affected Sectors

Information Technology

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more