Hi @blakegreen  did you get any resolution for this issue? We are having  vulnerabilities issue with InstallShield 2016. The only solution we have got so far from Flexera Support is to upgrade to InstallShield 2019, we do not want to spend few thousand dollars to get resolution to this vulnerabilty issue. ... View more

Hi Vishal, Thanks for the additional information - Let me go through the additional 5 CVE's that you have reported and hopefully alleviate any concerns you have. CVE-2005-2096: https://nvd.nist.gov/vuln/detail/CVE-2005-2096 This states "zlib 1.2 and later" - this is a rather vague statement and it doesn't actually mean zlib 1.2 and every single version created after it. It is only referencing the later versions which existed at the time the article was written. Towards the bottom of the article we can see "Known Affected Software Configurations" - this lists the versions known to be affected which are 1.2.0, 1.2.1 and 1.2.2 There is no reference to 1.2.3 I have double checked in Flexera's own open source software manager (FlexNet Code Insight) and can confirm that this also does not report this CVE issue in 1.2.3 CVE-2005-1849 https://nvd.nist.gov/vuln/detail/CVE-2005-1849 This article only references zlib 1.2.2 CVE-2004-0797 https://nvd.nist.gov/vuln/detail/CVE-2004-0797 The description in this article states "zlib 1.2.x" - again if we look at the bottom of the article we can see the "Known Affected Software Configurations" are actually sub versions of zlib 1.2.1.x CVE-2003-0107 https://nvd.nist.gov/vuln/detail/CVE-2003-0107 This references zlib 1.1.4 and not 1.2.3 CVE-2002-0059 https://nvd.nist.gov/vuln/detail/CVE-2002-0059 This references zlib 1.1.3 and earlier and not 1.2.3 I hope this helps, Stuart ... View more