CISA has published an advisory on improper input validation and memory corruption vulnerabilities in Flexera FlexNet Publisher. Versions 2018 R3 and prior are affected. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution. Flexera recommends all users using affected versions of FlexNet Publisher upgrade to Version 2018 R4 or newer as soon as possible. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at WaterISAC.
Thank you to everyone who helped make H2OSecCon Spring 2024 happen! As noted during the event, WaterISAC intends to conduct another H2OSecCon this year, so stay tuned for updates!