The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jborchers
By Moderator Moderator
Moderator

A security hotfix has been released for FlexNet Manager Suite (FNMS) version 2023 R1 and is available in the Product License Center (PLC).

Name: 2023 R1 On-Premise Hotfix 2

This hotfix contains updated binaries which are to be installed on the FNMS Presentation Server (or application server if using a single-server deployment). To install the hotfix please follow instructions in the ReadMe.txt of the download package. 

This hotfix resolves the following security-related issues:

  • IOK-1069556 - SQL Injection (Reports > License Compliance > IBM PVU License Consumption)
  • IOK-1072870 - CSV Injection (Reports > License Compliance > IBM PVU License Consumption)
  • IOK-1073091 - CSV Injection (Discovery & Inventory > Oracle Instances)
  • IOK-1065567 - Asset enterprise group change history may appear against other tenant if both tenants has same enterprise groupexid
(2) Comments
CorinnaSeiferth
By
Level 3

Hello,

thanks for providing the hotfix.

How can we check ih the hotfix is installed in an environment)

Thanks and kind reagrds

Corinna

kevin_christens
By
Level 7

We have 2023 R1 Hot Fix 2 installed and with 20.1.0.13

You can display your release number by hoovering the your mouse over the gear in the top right corner of your FlexNet web interface and clicking on "FlexNet Manager Suite License"
or go to
https://YourFlexNetBatchServer.com/Suite/YourFNMPLicense

Maybe someone can confirm if that release number indicates Hot Fix 2 is installed.