Flexera Software Community Knowledge Base

cancel
Showing results for 
Search instead for 
Did you mean: 
Knowledge Base Categories
Akamai has formally end of lifed support for their hosted Download Manager (that uses NetSession).  In turn, FlexNet Operations has a replacement Download Manager made available in UAT as of 3/28/2019 and Production as of 4/23/2019.  Who is affected by this change? Anyone using FlexNet Operations to allow their end user customers to download file binaries. You may want to provide guidance to your field, such as Support teams, to let them know about the updated download experience for your end user customers. Download Experience  The Download Manager will work similarly to the now decommissioned Akamai DLM. It will enable multiple downloads and can be invoked for single files as well. When invoking the new Download Manager, the end user customer will be prompted to download, then run the installer to complete the installation. Tips for end user customers: The installation process may trigger a security notification prompt, requiring the customer to allow the installation. May need to work with their IT to ensure port 45786 is open. Can uninstall the existing Akamai Download Manager from their system. The default location for downloaded files will be saved to the user’s local Downloads directory. Example showing how default downloads are saved to personal download folder.  In this case the tester’s name was JChagnot (the rest of directory path by default and would be the same for all users). Forward-looking End user customers will not be able to specify a different location to save the download. An enhancement is already logged with Flexera and being considered for the roadmap: Enable users to be able to download to a local directory of their choice. If you have any questions related to the FlexNet Operations Download Manager, we recommend posting a reply to this knowledge base article. This will support our community and efforts to provide timely information in a self-service location.
View full article
Description of Flexera Support maintenance plans
View full article
Summary Support can provide extensions to the evaluations of AdminStudio, InstallShield, and InstallAnywhere. Synopsis After the 21 day evaluation period has ended for AdminStudio, or InstallShield has ended a evaluation extension activation code can be used to extend the evaluation for an extra 7 days. After the 21 day evaluation period has ended for InstallAnywhere has ended a password can be used to add 7 days to the evaluation. The password input will appear after the evaluation has ended. Each of these codes or password can only be used once per installation. For a longer extension the product must be installed on a new machine.
View full article
InstallShield Limited Edition for Visual Studio provides a small subset of the world-class functionality found in our other InstallShield editions. 
View full article
Summary Build error 6271 file hashing with unusually large files that do not have version information Symptoms While building a release, the following error occurs: ** Error: -6271: File \file.exe not found. An error occurred building the MsiFileHash table record for this file. Verify that the file exists in the specified location. Alternately, you may get the following error: Error 6254: An error occurred building the MsiFileHash table for File \file.exe.   Cause This happens with unusually large files that do not have version information. During build time, the builder extracts hash information from versionless files to populate the MsiFileHash table, which seems to cause the error message. The root cause of the issue is not known at this time. The issue occurs when the MsiGetFileHash() API fails on large files.     Workaround To workaround the issue at this point, it is recommended that users turn off file hashing at build time. To do this, follow these steps: All other products Open the Releases view.   Click on the desired Release Name under Product Configuration. This displays the Release property grid.   Scroll down until you find the "Generate File Hash Values" property.   Set the "Generate File Hash Values" property to No.   Right-click on your Release Name in the middle window and select Build to build your release. InstallShield Express: The option to disable File hashing at build time is not available in InstallShield Express. This document will be updated as InstallShield Express is enhanced to include this functionality. Currently InstallShield Express users are advised to ignore this build error as it should not have a direct impact on the setup.   Additional notes: This error being a result of ODBC Translators is being tracked as Master Issue Number: IOJ-1591989   Additional Information For more information on File Hashing, see the Windows Installer Help Library topic MsiFileHash.
View full article
We have an expert team of professionals available to answer questions and to assist you with technical issues with Flexera products. To contact Support for technical issues, please use our online system to log a case. In addition to our online submission system, you can contact Support using the following information. InstallShield, InstallAnywhere, and FlexNet Connect North America Phone (varies by maintenance plan, please see your Welcome Kit) Hours 8 AM to 5.30 PM CST, Monday through Friday Europe Phone (varies by maintenance plan, please see your Welcome Kit) Hours 6 AM to 6 PM GMT, Monday through Friday   FlexNet Publisher, FlexNet Embedded and FlexNet Operations North America Phone (408) 969-5441 (United States Local) (877) 969-5441 (Toll-Free) Fax (408) 642-3764 Hours 8 AM to 6 PM PST, Monday through Friday Europe Phone +44 (0) 870 873 6301 (United Kingdom) Fax +44 (0) 1928 870 6301 Hours 6 AM to 6 PM GMT, Monday through Friday Japan Phone +81 (3) 5774-6254 (Japan) Fax +81 (3) 4360-8201 Hours 9.30 AM to 6 PM JST, Monday through Friday FlexNet Operations Cloud North America Phone (877) 378-2638 (Toll-Free) Hours 24x5, Monday through Friday International Phone (408) 642-3950 (United States) Hours 24x5, Monday through Friday Software Composition Analysis North America Phone (415) 799-3845 (Hotline) Hours 8:30 AM to 5:00 PM PT, Monday through Friday
View full article
Summary Error 7354 occurs when building the MSI project Symptoms The build error 7354 occurs while referencing a string that does not have the correct value in MSI projects. The issue may occur with a new project or a migrated project. The error will reference the string as well as the table using the string. For example, the error can be displayed as: ISDEV : error -7354: The <LANGUAGE NAME> value for string <STRING_ID> does not contain a legitimate value for table <TABLE NAME>column <COLUMN NAME>. OR ISDEV : error -7354: The English (United States) value for string 'ID_STRING4' does not contain a legitimate value for table Shortcut column Name Cause This error is known to occur when a destination filename column needs to be in the shortfilename format as documented at the following link. MSDN: Filename data type For example, the following two strings are valid: status.txt projec~1.txt|Project Status.txt We introduced additional string validation with InstallShield 2016, therefore a project successfully built in previous versions may exhibit this error when built using InstallShield 2016. Resolution Check the requirements of the table mentioned in the error. Use Direct Editor to navigate to the table and press key F1 will bring out the HelpDoc for the table. Clicking on the link for the Type column will bring up an article about field requirements. For example, the FileName column of the RemoveFile table requires a FileName data type. This data type will need a short file name. Adding a short file name will fix the issue. For Express projects there is no direct access to the tables. The string entries can be exported in the Project > Export String Entries option. The modified strings can then be imported back to the project after being fixed. Additional Information Additional information: To include a long file name with a short file name, separate it from the short file name with a vertical bar (|). For example, the following two strings are valid: Eshwar.txt Projec~1.txt|Project Scripting.txt Short and long file names must not contain the following characters: \ ? | > < : / * " In addition, short file names must not contain the following characters: + , ; = [ ] Short file names may not include a space, although a long file name may. No space is allowed preceding the vertical bar (|) separator for the short file name/long file name syntax. If a space exists after the separator, then the long file name must have a space at the beginning of the file name. No full-path syntax is allowed. This error is documented briefly in the helpnet article Build Errors and Warnings. Also reference: Error 7354 when building MSI with MoveFile Table Entry
View full article
Summary This article will explain the reason as to why the Install and Download Only buttons are grey'ed out on the Software Manager when a new version is available. Synopsis Why are the Software Manager 'Install' and 'Download Only' buttons grey'ed out? The Software Manager has appeared stating that a newer version of my product is available to download, however, the 'Install' and 'Download Only' Buttons are grey'ed out: Discussion What the Software Manager is showing is a message which states that a new version of the product is available, rather than an update which you can download. If you are entitled to this new version then you will be able to obtain the download for the new version via the Product and License Center.
View full article
Summary When attempting to uninstall or install the InstallAnywhere product, a message displays that says, "This is an incomplete installation of InstallAnywhere [EditionNumber] Evaluation." Synopsis When attempting to uninstall or install the InstallAnywhere product, a message displays that says, "This is an incomplete installation of InstallAnywhere [InstallAnywhereVersion] Evaluation." Ex: "This is an incomplete installation of InstallAnywhere 2014 SP1 Evaluation" Ex: "This is an incomplete installation of InstallAnywhere 2017 Evaluation." Note: This same error message may also appear when building a project from the command-line. Discussion To resolve the issue please view the following steps: On a Windows machine, follow these steps: 1. In Windows Explorer, navigate to the following path: %USERPROFILE%\InstallAnywhere Note: The InstallAnywhere directory is a hidden directory. Make sure to enable hidden folders. 2. Locate and delete the appropriate version number folder that corresponds with your installed copy of InstallAnywhere: For InstallAnywhere 2018 Delete the 190 directory For InstallAnywhere 2017 Delete the 180 directory For InstallAnywhere 2015 Delete the 170 directory For InstallAnywhere 2014 SP1 Delete the 165 directory For InstallAnywhere 2014 Delete the 160 directory For InstallAnywhere 2013 Delete the 150 directory For InstallAnywhere 2012 Delete the 140 directory For InstallAnywhere 2011 SP3 Delete the 125 directory For InstallAnywhere 2011, 2011 SP1, 2011 SP2 Delete the 120 directory For InstallAnywhere 2010 Service Pack 1 (SP1) Delete the 115 directory For InstallAnywhere 2010 Delete the 110 directory For InstallAnywhere 2009, 2009 SP1, and 2009 SP2 Delete the 100 directory For InstallAnywhere 2008 Value Pack 1 (VP1) Delete the 95 directory For InstallAnywhere 2008 Delete the 90 directory For InstallAnywhere 8.0 Delete the 80 directory Note: The folder will be re-created when the product is launched again. 3. Re-launch the InstallAnywhere product and re-register the product. ------------------------------------------------------------------------------------------------------------------------------------------------------ On macOS/OS X, Linux-based, or Unix-based machines follow these steps: 1. From the command-line, change directories to the hidden .InstallAnywhere directory in the user's home directory (for the user that registered InstallAnywhere). Note: The InstallAnywhere directory is a hidden directory. Make sure to enable hidden folders. 2. Locate and delete the appropriate version number folder that corresponds with your installed copy of InstallAnywhere: For InstallAnywhere 2018 Delete the 190 directory For InstallAnywhere 2017 Delete the 180 directory For InstallAnywhere 2015 Delete the 170 directory For InstallAnywhere 2014 SP1 Delete the 165 directory For InstallAnywhere 2014 Delete the 160 directory For InstallAnywhere 2013 Delete the 150 directory For InstallAnywhere 2012 Delete the 140 directory For InstallAnywhere 2011 SP3 Delete the 125 directory For InstallAnywhere 2011, 2011 SP1, 2011 SP2 Delete the 120 directory For InstallAnywhere 2010 Service Pack 1 (SP1) Delete the 115 directory For InstallAnywhere 2010 Delete the 110 directory For InstallAnywhere 2009, 2009 SP1, and 2009 SP2 Delete the 100 directory For InstallAnywhere 2008 Value Pack 1 (VP1) Delete the 95 directory For InstallAnywhere 2008 Delete the 90 directory For InstallAnywhere 8.0 Delete the 80 directory Note: The folder will be re-created when the product is launched again. 3. Re-launch the InstallAnywhere product and re-register the product. Additional Information For information on registering the InstallAnywhere product, please view the related knowledge base articles: Licensing Overview for InstallAnywhere 2011 and Later How to Register InstallAnywhere (Versions 8.0 - 2010) If further assistance is needed, please contact Flexera Software Technical Support .
View full article
Summary FlexNet-Operations-Cloud-Certificate-Update Systems affected: Production and UAT URLs for: manager.subscribenet.com (every two years) manager.flexnetoperations.com (every two years) Synopsis FlexNet Operations Cloud Certificate Update Action Required. Please read entirely. Overview Flexera uses SSL certificates to protect the transmission of sensitive information for FlexNet Operations Cloud web servers and to establish a secure line of communication between you and the application. With Google?s plan to distrust certificates issued prior to 6/1/2016 under the Symantec/Thawte infrastructure you need to apply new certificates. The information below describes how this impacts FlexNet Operations Cloud and the specific URLs which make use of the certificates, including scheduled dates for renewal. Products Impacted and Critical Dates The Producer Portal certificates are used for the management endpoints within FlexNet Operations Cloud. Depending on your product, you will be impacted in a different way. The product-specific tables below represent the URLs which make use of certificates, along with scheduled dates for renewal. To ensure there are no interruptions with your integration, please make sure you install the new certificates, reissued through the Digicert infrastructure, on your systems before the renewal date and test your integrations in UAT before August 21, 2018. FlexNet Operations Cloud (ALM) uses t he production compliance endpoint certificate ( *.compliance.flexnetoperations.com ). FlexNet Operations (LLM) uses the production compliance endpoint certificate ( *.compliance.flexnetoperations.com ). Some customers may still use the legacy *.subscribenet.com (Enterprise Portal) and manageruat.subscribenet.com/manager.subscribenet.com (Producer Portal) certificates. Environment URL Replacement Date UAT Producer Portal manageruat.subscribenet.com 6/19/2018 UAT End User Portal *.subscribenet.com 6/19/2018 UAT Compliance Endpoint *.compliance.flexnetoperations.com 6/19/2018 PROD Producer Portal manager.subscribenet.com 8/21/2018 PROD End User Portal *.subscribenet.com 8/21/2018 PROD Compliance Endpoint *.compliance.flexnetoperations.com 8/21/2018 * Note the latest certificates are available in the zip file attached to this article. The rest of the certificates used by FlexNet Operations LLM certificates are not affected by the Google plan until 9/13/2018. We anticipate publishing an update by early 2018 Q3. FlexNet Embedded There are two types of communications between FlexNet Embedded and FlexNet Operations Cloud (ALM or LLM). 1. Direct communication from a device or server to FlexNet Operations Cloud: a. customer-name.flexnetoperations.com or b. customer-name.compliance.flexnetoperations.com In this situation, you should patch your current installer to provide both the current Thawte certificate and the new DigiCert certificate, phasing the Thawte certificate out at their next release. Do this prior to August 21, 2018. 2. Direct communication to a cloud license server a. customer-name.compliance.flexnetoperations.com The compliance endpoint was updated in UAT on June 19, 2018 and will be updated in Production on August 21, 2018. Some customers have found their target platforms do not always have the Thawte certificate currently used by Flexera for FlexNet Embedded and have had to add the certificate to their deployment packages. Because of this, the FlexNet Embedded toolkit has been shipping with a copy of the Thawte certificate. Included in this article is a zip file of the new flexnet.certs file. The new flexnet.certs file contains both the old (Thawte) and new (DigiCert) certificate information to use with your FlexNet Embedded implementation. Customers with SAML SSO If you use SAML Single-Sign-On (SSO) for FlexNet Operations Cloud see https://flexeracommunity.force.com/customer/articles/en_US/HOWTO/FlexNet-Operations-Cloud-SAML-Certificate for more details. Frequently Asked Questions Q. What steps does an end-user need to take on or after the renewal date? A. The first time a user goes to the URL on or after the date of renewal, the user may be prompted to accept the new certificate by the browser. If prompted, the only step is to accept the new certificate. Q. What steps should a FlexNet Embedded customer take, if they have FlexNet Embedded clients communicating with FlexNet Operations Cloud and/or cloud license servers? A. This is unique to how FlexNet Embedded is configured to find the root certificate. Please see the section titled FlexNet Embedded above. Q. What happens if my company is using the certificate for integration purposes with Flexera? A. Please forward this information to the group who manages the integration and have them follow the steps outlined in the FlexNet Operations Integration Guide: A Guide to Integrating with FlexNet Operations, available via the Documentation page in the Producer Portal - page 16 details the steps to follow for updating the certificates. Q. Where can I find the new certificates? A. The new certificates are attached to this article. Q. What is the critical date I need to remember? A. To ensure there are no interruptions with your integration, please make sure you install the new certificate on your systems before the renewal date and test your integrations in UAT before August 21, 2018. Q. Where can I sign up to receive critical customer notifications, including planned and unplanned outages? A. Please visit this website https://status.flexera.com/ to sign up for either Email or SMS messaging notifications.
View full article
If your account is tied to a company with a maintenance contract, you have permissions to open new support cases and view your previously submitted support cases. To Open a Case Sign in Go to the "Get Support" menu - it will be near the middle of the screen. Select "Open new case"   To View Existing Cases Sign in Go to the "Get Support" menu - it will be near the middle of the screen. Select "My Cases"    
View full article
If your account is tied to a company with a maintenance contract, you have permissions to download cases.  To Download Go to the  "My Cases" screen. Scroll to the bottom of the page and click the "Export List" button  
View full article
If your account is tied to a company with a maintenance contract, you have permissions to view cases you submitted. If you have supervisory access, you can also view all cases submitted by your organization. To View All Cases Sign in Go to the "Get Support" menu - it will be near the middle of the screen. Select "My Cases" Select the vertical dot menu and select "all cases"    To Request Permissions to View All Cases If you do not have access to all cases, please open a case to request access. 
View full article
If your account is tied to a company with a maintenance contract, you have permissions to view cases you submitted.  To Filter by Status Go to the  "My Cases" screen. Select the vertical dot menu and select the status you wish to filter by.  
View full article
As you're exploring Flexera Community, you likely want maximize your experience. Never fear! This is a full roadmap for you from start to success. Phase 1: Get Set Up Fill out your profile.  Hit the avatar icon on the top right of your screen. Select “My Settings.” Select “Personal Information” and add a bit about yourself. Select “Preferences” and adjust to your time zone. Hit save. Read the guidelines.  The guidelines can be found here.   Curate your feed and your notifications on mobile and web.  Click on Find My Product and select your product Click on a product category (Forum, News, Knowledge) Click on the options menu (3 dots) Hit “bookmark” For notifications of any activity, select “subscribe” You can adjust your notifications at any time by selecting your avatar and My settings In order to make sure you receive email notifications, make sure to verify community@flexera.com as a safe sender in your favorite email provider. Phase 2: Get Resources We want to ensure you get resources you can apply right away. Here are the essential ways to find information in our community:  Visit Your Product Page(s): Forums – Curious about what other customer and partners are doing? You've come to the right place! Knowledge Base – Here’s your spot for defect updates, solutions, and ongoing updates related to your product. Download Documentation – A thorough online user manual and vital technical resource to how our products work. Community Hub Community How To’s – Visit this knowledge base for tips and tricks on how to participate in the community. Customer Events - Register for one of the many customer events we host to update you on what is going on with our products or help you get more familiar with their features.  Phase 3: Participate If you’re feeling overwhelmed right now that’s normal. We’re going to help you get acquainted with our community and content, easing you in gradually. You're here for the long run, so don't worry about taking it all in at once. To kick things off, we’ll keep it simple. You have two options for what to do next. Choose your own adventure... Option 1: Feeling ambitious? You can jump into the community and start connecting! A few things you can do: Now that you're set up, it's time to get going and take action! When you wonder ‘someone must already have a solution for this’… ask the community a question or request feedback on something you're working on share a customization or business skill that’s worked recently When you found a way to automate something – share what works! Option 2: Feel like lurking first? Totally cool. You can start browsing the community, and cheer on (hit the “kudo”) on a few others’ posts and answers. Any questions? Have an urgent need you want to dive right into? Just post a message on the Community Help forum and we’ll get you situated.  Thanks for being here. We'll see you on the inside!
View full article
Pioneer? Trailblazer? Legend and more? You’ve probably seen these names on your profile page and next to names in the forums. These categories, called user ranks, are a fun way to recognize increasing contribution to the community. As you participate, you ladder up the ranking system:  Flexera pro Legend Artisan Master Thought Leader Celebrated expert Expert Innovator Influencer Subject matter expert Trusted advisor Shining star Rising star Analyst Consultant Frequent contributor Intrepid explorer Active participant Occasional contributor Flexera beginner Trailblazer Adventurer Pioneer Traveler Wanderer Pilgrim So keep participating and you’ll be a shining star in no time!  
View full article
Summary CVE-2018-20034 has been discovered and remediated in FlexNet Publisher Symptoms ****Only the following information is permitted to be distributed outside of Flexera Software and customers of FlexNet Publisher:         - CVE number         - CWE ID         - CVSS scores         - Reference to any publicly-available information **** A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. Depending upon the license model(s) you offer to your customers, you may or may not distribute one or both of these components to one or more of your customers. If you don’t distribute either of these components, there is no further action on your part. If you do, you must distribute to those same customers the security update mentioned in the Resolution section of this article. This security vulnerability has been assigned the CVE ID number of CVE-2018-20034. Cause For security reasons, Flexera will not publish the cause of this security vulnerability. Steps To Reproduce For security reasons, Flexera Software will not publish the steps to reproduce this security vulnerability. Resolution The FlexNet Publisher 11.16.2 addresses the security vulnerability and is available from Flexera’s Product and License Center (https://flexerasoftware.flexnetoperations.com/control/inst/login?nextURL=%2Fcontrol%2Finst%2Findex): FlexNet Publisher 2018 R4 We advise all FlexNet Publisher customers update lmgrd to FlexNet Publisher 11.16.2, and the vendor daemon as soon as possible after that. Please note that lmadmin or clients are not affected. As a reminder, Flexera no longer distributes the lmgrd executables to end customers; your end customers can only receive the lmgrd executable from you. Workaround No workaround available. Additional Information Please be aware that network access to the FlexNet Publisher License Server would be necessary to perform any attack. Protecting the license server from unauthorized access is essential to minimize the opportunities for any of the vulnerabilities to be exploited. Customers are also strongly advised to follow best practice in protecting the license server from unauthorized access. Related Documents https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20034 https://nvd.nist.gov/vuln/detail/CVE-2018-20034
View full article
Summary CVE-2018-20033 has been discovered and remediated in FlexNet Publisher Symptoms ****Only the following information is permitted to be distributed outside of Flexera Software and customers of FlexNet Publisher:         - CVE number         - CWE ID         - CVSS scores         - Reference to any publicly-available information **** A Remote Code Execution (RCE) vulnerability exists on all platforms in versions 11.16.1.0 or earlier of the following FlexNet Publisher components: lmgrd executable, provided by Flexera Software vendor daemon executable, built by each FlexNet Publisher customer from object code provided by Flexera Depending upon the license model(s) you offer to your customers, you may or may not distribute one or both of these components to one or more of your customers. If you don’t distribute either of these components, there is no further action on your part. If you do, you must distribute to those same customers the security update mentioned in the Resolution section of this article. This security vulnerability has been assigned the CVE ID number of CVE-2018-20033. The vulnerability could allow a remote attacker to corrupt the memory by allocating / de-allocating memory, loading lmgrd or the vendor daemon, and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated. Cause For security reasons, Flexera will not publish the cause of this security vulnerability. Steps To Reproduce For security reasons, Flexera Software will not publish the steps to reproduce this security vulnerability. Resolution The FlexNet Publisher 11.16.2 addresses the security vulnerability and is available from Flexera’s Product and License Center: FlexNet Publisher 2018 R4 We advise all FlexNet Publisher customers update lmgrd to FlexNet Publisher 11.16.2, and the vendor daemon as soon as possible after that. Please note that lmadmin or clients are not affected. As a reminder, Flexera no longer distributes the lmgrd executables to end customers; your end customers can only receive the lmgrd executable from you. Workaround No workaround available. Additional Information Please be aware that network access to the FlexNet Publisher License Server would be necessary to perform any attack. Protecting the license server from unauthorized access is essential to minimize the opportunities for any of the vulnerabilities to be exploited. Customers are also strongly advised to follow best practice in protecting the license server from unauthorized access. Related Documents https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20033 https://nvd.nist.gov/vuln/detail/CVE-2018-20033
View full article
Summary CVE-2018-20032 has been discovered and remediated in FlexNet Publisher Symptoms ****Only the following information is permitted to be distributed outside of Flexera Software and customers of FlexNet Publisher:         - CVE number         - CWE ID         - CVSS scores         - Reference to any publicly-available information **** A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. Depending upon the license model(s) you offer to your customers, you may or may not distribute one or both of these components to one or more of your customers. If you don’t distribute either of these components, there is no further action on your part. If you do, you must distribute to those same customers the security update mentioned in the Resolution section of this article. This security vulnerability has been assigned the CVE ID number of CVE-2018-20032. Cause For security reasons, Flexera will not publish the cause of this security vulnerability. Steps To Reproduce For security reasons, Flexera Software will not publish the steps to reproduce this security vulnerability. Resolution The FlexNet Publisher 11.16.2 addresses the security vulnerability and is available from Flexera’s Product and License Center: FlexNet Publisher 2018 R4 We advise all FlexNet Publisher customers update lmgrd to FlexNet Publisher 11.16.2, and the vendor daemon as soon as possible after that. Please note that lmadmin or clients are not affected. As a reminder, Flexera no longer distributes the lmgrd executables to end customers; your end customers can only receive the lmgrd executable from you. Workaround No workaround available. Additional Information Please be aware that network access to the FlexNet Publisher License Server would be necessary to perform any attack. Protecting the license server from unauthorized access is essential to minimize the opportunities for any of the vulnerabilities to be exploited. Customers are also strongly advised to follow best practice in protecting the license server from unauthorized access. Related Documents https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20032 https://nvd.nist.gov/vuln/detail/CVE-2018-20032
View full article
Summary CVE-2018-20031 has been discovered and remediated in FlexNet Publisher Symptoms ****Only the following information is permitted to be distributed outside of Flexera Software and customers of FlexNet Publisher:         - CVE number         - CWE ID         - CVSS scores         - Reference to any publicly-available information **** A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. Depending upon the license model(s) you offer to your customers, you may or may not distribute one or both of these components to one or more of your customers. If you don’t distribute either of these components, there is no further action on your part. If you do, you must distribute to those same customers the security update mentioned in the Resolution section of this article. This security vulnerability has been assigned the CVE ID number of CVE-2018-20031. Cause For security reasons, Flexera will not publish the cause of this security vulnerability. Steps To Reproduce For security reasons, Flexera Software will not publish the steps to reproduce this security vulnerability. Resolution The FlexNet Publisher 11.16.2 addresses the security vulnerability and is available from Flexera’s Product and License Center: FlexNet Publisher 2018 R4 We advise all FlexNet Publisher customers update lmgrd to FlexNet Publisher 11.16.2, and the vendor daemon as soon as possible after that. Please note that lmadmin or clients are not affected. As a reminder, Flexera no longer distributes the lmgrd executables to end customers; your end customers can only receive the lmgrd executable from you. Workaround No workaround available. Additional Information Please be aware that network access to the FlexNet Publisher License Server would be necessary to perform any attack. Protecting the license server from unauthorized access is essential to minimize the opportunities for any of the vulnerabilities to be exploited. Customers are also strongly advised to follow best practice in protecting the license server from unauthorized access. Related Documents https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20031 https://nvd.nist.gov/vuln/detail/CVE-2018-20031#vulnCurrentDescriptionTitle
View full article