A vulnerability exists in FlexNet Manager Suite release 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components. Upgrading these components to any later release will resolve this vulnerability.
A vulnerability exists in FlexNet Manager Suite release 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier). The vulnerability impacts the FlexNet inventory agent, and FlexNet Beacon for all supported operating systems.
The Common Vulnerabilities and Exposures (CVE) identifier of this vulnerability is CVE-2017-6894 and the Secunia advisory is SA77994 (requires Secunia Research Community login). To understand the potential consequences of this vulnerability, please refer to the Common Consequences section of Common Weakness Enumeration CWE-250. The Common Vulnerability Scoring System (CVSS) v3 base score for this vulnerability is 7.8 and the temporal score is 7.0, resulting in an overall CVSS Score of 7.0. The Secunia Research criticality rating = Less Critical.
For the cause of these vulnerability, see the description section of CWE-250.
Upgrading your FlexNet inventory agents and FlexNet Beacons to a later version (FlexNet Manager Suite 2015 R2 SP4 or newer) will address this vulnerability.
It is strongly advised that you upgrade all FlexNet inventory tools and installed inventory beacons to the latest (current) version to ensure that all security improvements, touching all these components, are employed.
On-premises customers should also ensure that their application server (in a multi-server environment, the inventory server) is also updated with this hotfix.
Note: FlexNet Manager Suite cloud customers may wish to contact Flexera Support for assistance upgrading their installations of the FlexNet inventory agent and FlexNet Beacon.