Article - CS394029

Security Vulnerabilities identified in FlexNet Publisher 2023 Release versions prior to 11.19.4.0

Modified: 29-May-2024   


Applies To

  • Creo Parametric 2.0 to 10.0
  • Creo View 2.0 to 10.0
  • Creo Illustrate 2.0 to 10.1
  • Mathcad Prime 1.0 to 9.0
  • Pro/ENGINEER and Creo Elements/Pro 20.0 to Wildfire 5.0
  • Arbortext IsoDraw CADprocess 7.3 to 7.4
  • FlexNet Publisher 2023 Release versions prior to 11.19.4.0
    • Note: the following PTC products may make use of the lmadmin web user interface, this includes all version of: CREO, CREO View, CREO Schematics, MathCAD, MathCAD Prime, Arbortext, Windchill Risk and Reliability, and Windchill RV&S
  • Arbortext IsoDraw

Description

  • A remote code execution (RCE) vulnerability was identified in the FlexNet Publisher lmadmin web user interface
    • If exploited, the vulnerability allows the execution of a rogue vendor daemon using the UNC path
    • NOTE: This vulnerability does not impact the lmgrd utility
  • Refer to Flexera Knowledge Base article for the most current information on this vulnerability
  • Note that PTC has no indication nor has been made aware that this vulnerability has or is being exploited
This is a printer-friendly version of Article 394029 and may be out of date. For the latest version click CS394029