CVE-2020-14515

CWE-347CWE-284Improper Access ControlCWE-20Improper Input Validation5 documents5 sources
Severity
7.5HIGH
EPSS
0.1%
top 75.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wibu Codemeter
Timeline
PublishedSep 16
Latest updateMay 24

Description

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDwibu/codemeter< 6.90
CVEListV5codemeterAll versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code., All versions prior to 7.00, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server.+1

🔴Vulnerability Details

3
GHSA
GHSA-77f6-gh77-3f4f: CodeMeter (All versions prior to 62022-05-24
GHSA
Improper Input Validation in Apache Solr2022-02-10
CVEList
CVE-2020-14515: CodeMeter (All versions prior to 62020-09-16

📋Vendor Advisories

1
Red Hat
solr: replication handler allows a read-write operations to any location the solr user can access2020-08-17