6 Replies Latest reply on Jan 6, 2020 3:00 PM by Tyler Reeves

    Upgrade to FlexNet Publisher 11.16.2 or later.

    george.david

      Tableau support,

       

      the version of flexnet you are publishing with your software is out of date.

       

      Installed version : 11.14.1

        Fixed version     : 11.16.2

       

      Tenable Nessus Info:

      Flexera FlexNet Publisher < 11.16.2 Multiple Vulnerabilities (128148)

      • Synopsis

        A licensing application running on the remote host is affected by multiple vulnerabilities.
      • Description

        The version of Flexera FlexNet Publisher running on the remote host is prior to 11.16.2. It is, therefore, affected by multiple vulnerabilities :- A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. (CVE-2018-20031)- A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. (CVE-2018-20032)- A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down.
        (CVE-2018-20033)- A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. (CVE-2018-20034)
      • Solution

        Upgrade to FlexNet Publisher 11.16.2 or later.