FlexNet Publisher Vulnerability: Is FME Impacted?

Kezia Yu
Kezia Yu
  • Updated

Introduction

Safe Software is aware of the vulnerability known as CVE-2024-2658 impacting FlexNet Publisher.  

This article provides an overview of our analysis of this vulnerability and our mitigation advice for users. We will continuously update this article as we have new information to share.

 

Summary Table

Application Version(s) Affected Platform Remediation Workaround
FME Engine Not affected
FME Form Not affected
FME Flow Not affected
FME Flow Hosted Not affected
FME Mobile Applications Not affected
FME License Server Not affected

* Per our Product Support Policy, only the current year’s release of FME will be assessed for security issues.  

According to our assessment, FME is not affected by FlexNet Publisher’s potential local privilege escalation issue. This vulnerability is specific to FlexNet Publisher’s Imadmin license management utility, which Safe Software does not use. Therefore, Safe Software’s FlexNet Publisher installer is not affected by this vulnerability. 

 

FME Platform Applications

FME Form

All versions of FME Form are not affected by the vulnerability described as CVE-2024-2658.

 

FME Flow

All versions of FME Flow are not affected by the vulnerability described as CVE-2024-2658.

 

FME Flow Hosted

All versions of FME Flow Hosted are not affected by the vulnerability described as CVE-2024-2658.

 

FME AR or Deprecated FME Mobile Applications

All versions of FME AR and FME Mobile are not affected by the vulnerability described as CVE-2024-2658.

 

FME License Server

Impact

All versions of FME License Server (using FlexLM/FlexNet Publisher) are not affected by the vulnerability described as CVE-2024-2658.

 

Remediation

Although our current installer is not affected by CVE-2024-2658, we are pursuing a FlexNet Publisher upgrade to v11.19.6. We are taking this step to accommodate environments that prohibit the installation of software with any vulnerabilities, even if they are not exploitable. It will be uploaded to our Downloads page when it’s ready.

 

FAQ 

How can I be notified of security updates in the future?

If you would like to be notified of security updates from Safe Software, we encourage you to subscribe to our Security Updates email list by signing up via the form on our Security page.

 

Reporting Security Issues

If you believe you have discovered a vulnerability in the FME Platform, our website, or our other products, please email us as quickly as possible at security at safe dot com.

We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and better protect our users. Please note that we do not compensate individuals or organizations for identifying potential or confirmed security vulnerabilities.

 

Support

If you have questions or concerns regarding this advisory, please raise a support request. You can view all of our security notices on our Security Center.  

 

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.