This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FlexNet Manager for Engineering Applications 2021 R1 Vulnerabilities, Open SSL & JavaService Libraries Statement

(Open JDK 11.0.9 ) CVE Description: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

No action Required: These vulnerabilities do not affect FNMEA since it's a pure on-prem product (with no connections to the internet).

(Wildfly 20.0.1) NVD - CVE-2021-20250 :

“ Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity” – Medium & Low

No action Required: This will not be an impact on the product since we don't have internet access externally from the wildfly server. The solution is a pure on-premise one.

Open SSL Library :

FNMEA 2021 R1 uses OpenSSL 1.1.0 which comes with Wild fly 20.0.1. The FNMEA engineering team will look for any open-source library vulnerabilities.

JavaService Library:

FNMEA 2021 uses JavaService 2.0.9 (Windows NT Service Daemon for Java applications).  The FNMEA engineering team will watch out for this space if this library is completely out of support from the community.

‎Nov 12, 2021 10:23 AM - edited ‎Nov 30, 2021 01:39 PM

Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Nov 30, 2021 01:39 PM
Updated by:
Level 6 Flexeran