Summary

A vulnerability exists in FlexNet Manager Suite release 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components. Upgrading these components to any later release will resolve this vulnerability.

Symptoms

A vulnerability exists in FlexNet Manager Suite release 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier). The vulnerability impacts the FlexNet inventory agent and FlexNet Beacon on all supported operating systems.

The Common Vulnerabilities and Exposures (CVE) identifier of this vulnerability is CVE-2017-6894 and the Secunia advisory is SA77994 (requires Secunia Research Community login).
To understand the potential consequences of this vulnerability, please refer to the Common Consequences section of Common Weakness Enumeration CWE-250.
The Common Vulnerability Scoring System (CVSS) v3 base score for this vulnerability is 7.8 and the temporal score is 7.0, resulting in an overall CVSS score of 7.0. The Secunia Research criticality rating is Less Critical.

Cause

For the cause of this vulnerability, see the description section of CWE-250.

Resolution

Upgrading your FlexNet inventory agents and FlexNet Beacons to a later version (FlexNet Manager Suite 2015 R2 SP4 or newer) will address this vulnerability.

It is strongly advised that you upgrade all FlexNet inventory tools and installed inventory beacons to the latest (current) version so that all security improvements affecting these components are applied.

On-premises customers should also ensure that their application server (in a multi-server environment, the inventory server) is updated with this hotfix.

Note: FlexNet Manager Suite cloud customers may wish to contact Flexera Support for assistance upgrading their installations of the FlexNet inventory agent and FlexNet Beacon.

Related Documents

This issue is listed in the Known Issues lists, for FlexNet Manager Suite, as 'FNMS-29663 Non privileged users can use the installation agent to gain elevated privileges'
https://secuniaresearch.flexerasoftware.com/advisories/77994/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6894
https://cwe.mitre.org/data/definitions/250.html

https://secuniaresearch.flexerasoftware.com/community/advisories/terminology/





Additional Information

Acknowledgement: Thank you to David Kierznowski of Saudi Aramco for identifying and documenting vulnerability CVE-2017-6894.

Related KB Articles

https://community.flexera.com/t5/FlexNet-Manager-knowledge-base/Citrix-XenApp-inventory-failure-after-upgrade-to-FlexNet-Manager/ta-p/1943

Last update: Apr 04, 2019 03:02 PM