
CVE-2020-12081 Remediated in FlexNet Publisher


Summary

A sensitive-information disclosure vulnerability existed in lmadmin. The web portal link can be used to access system files or other important files on the system. The vulnerability was discovered in FlexNet Publisher's lmadmin 11.14.0.2.

If you do not distribute lmadmin to your customers, no further action is required on your part. If you do, you must distribute to those same customers the security update mentioned in the Resolution section of this article. The vulnerability does not impact lmadmin if it is started without the integrated web server.

Symptoms

**** Only the following information is permitted to be distributed to users of products enabled with FlexNet Publisher:

- CVE number (if available)

- CWE ID

- CVSS scores

- Any publicly available information

****

Through the web portal provided by lmadmin, a user can unconditionally access files located outside the installation path. The information in these files can be compromised. This vulnerability has been assigned the ID CVE-2020-12081. The CVSS v2 base score for this vulnerability is 6.2; that is, medium severity.

Resolution

The lmadmin functionality has been enhanced so that it accesses only files that are relative to the lmadmin installation location.

FlexNet Publisher 2016 R2 SP2 (11.14.1.2) and later address the security vulnerability and will be available on the Product and License Center. We advise all FlexNet Publisher customers to update the lmadmin binary to FlexNet Publisher 2016 R2 SP2 or later. As good practice, we advise customers to expose lmadmin only to a trusted network. This reduces the attack vector to only those attackers who have access to that trusted network.
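
The resolution confines file access to the installation location. The sketch below is an added example of such a confinement check, not Revenera's code or lmadmin's implementation. It assumes file names arrive as path strings; the directory names, file contents and request strings are constructed.

```python
import os
import tempfile
from pathlib import Path


def resolve_under_root(root, requested):
    """Return the real path of `requested` if it stays inside `root`, else None."""
    root_real = Path(root).resolve(strict=True)
    # Joining with an absolute `requested` discards root entirely, so the
    # containment check must run on the resolved result, not on the input.
    candidate = (root_real / requested).resolve(strict=False)
    # resolve() collapses ".." and follows symlinks. Compare path components,
    # not string prefixes: "install" is a string prefix of "install-old".
    try:
        candidate.relative_to(root_real)
    except ValueError:
        return None
    return candidate


def build_constructed_tree(base):
    """Create a constructed install dir, a sibling dir and a symlink escape."""
    install = Path(base) / "install"
    sibling = Path(base) / "install-old"
    (install / "logs").mkdir(parents=True)
    sibling.mkdir()
    (install / "logs" / "web.log").write_text("constructed log\n")
    (sibling / "secret.txt").write_text("outside the install dir\n")
    os.symlink(sibling, install / "link")  # symlink pointing outside root
    return install


def demo():
    """Check five constructed requests; True means the file may be served."""
    with tempfile.TemporaryDirectory() as base:
        install = build_constructed_tree(base)
        requests = ["logs/web.log",                       # inside root
                    "../install-old/secret.txt",          # sibling directory
                    str(Path(base) / "install-old" / "secret.txt"),  # absolute
                    "link/secret.txt",                    # symlink out of root
                    "logs/../logs/web.log"]               # ".." staying inside
        return [resolve_under_root(install, r) is not None for r in requests]


if __name__ == "__main__":
    print(demo())
```

The sibling-directory case is the one a plain string-prefix comparison would wrongly allow, which is why the check compares resolved path components.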

Additional Information

For identifying this vulnerability and disclosing it to Revenera under a responsible disclosure process, we'd like to thank the team members of TIM S.p.A - TIM Security Red Team Research:

  • Alessandro Bosco
  • Luca Di Giuseppe
  • Alessandro Sabetta
  • Massimiliano Brolli

Related Documents

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12081

Last update: Aug 12, 2020 05:05 PM