Article - CS394029
Security Vulnerabilities identified in FlexNet Publisher 2023 Release versions prior to 11.19.4.0
Modified: 29-May-2024
Applies To
- Creo Parametric 2.0 to 10.0
- Creo View 2.0 to 10.0
- Creo Illustrate 2.0 to 10.1
- Mathcad Prime 1.0 to 9.0
- Pro/ENGINEER and Creo Elements/Pro 20.0 to Wildfire 5.0
- Arbortext IsoDraw CADprocess 7.3 to 7.4
- FlexNet Publisher 2023 Release versions prior to 11.19.4.0
- Note: the following PTC products may make use of the lmadmin web user interface, this includes all version of: CREO, CREO View, CREO Schematics, MathCAD, MathCAD Prime, Arbortext, Windchill Risk and Reliability, and Windchill RV&S
- Arbortext IsoDraw
Description
- A remote code execution (RCE) vulnerability was identified in the FlexNet Publisher lmadmin web user interface
- If exploited, the vulnerability allows the execution of a rogue vendor daemon using the UNC path
- NOTE: This vulnerability does not impact the lmgrd utility
- Refer to Flexera Knowledge Base article for the most current information on this vulnerability
- Note that PTC has no indication nor has been made aware that this vulnerability has or is being exploited
This is a printer-friendly version of Article 394029 and may be out of date. For the latest version click CS394029