CVE-2017-5571 — Open Redirect in Flexnet Publisher

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 30.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flexerasoftware Flexnet Publisher

Timeline

PublishedMar 3

Latest updateMay 14

Description

Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDflexerasoftware/flexnet_publisher11.14.1

🔴Vulnerability Details

GHSA

GHSA-5mwv-vrx3-5pvv: Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11↗2022-05-14

▶

CVEList

CVE-2017-5571: Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11↗2017-03-03

▶

📋Vendor Advisories

Citrix

CVE-2017-5571: Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix Li↗2017-03-03

▶