Loading
search-img
Title
FlexNet Beacon vulnerability remediated in FlexNet Manager Suite

Summary

A cumulative update is available to remediate a vulnerability in the FlexNet Beacon

Symptoms

A vulnerability exists on the FlexNet Beacon shipped with on-premises releases of FlexNet Manager Suite from 2014 up to and including 2016 R1 SP1.

To understand the potential consequences of this vulnerability, please refer to:
Common Consequences section of CWE-22 (Common Weakness Enumeration). The CVSS base score for this vulnerability is 10

The published hotfix for this issue also includes an additional fix. Please refer to:
Common Consequences section of CWE-79 (Common Weakness Enumeration). The CVSS base score for this vulnerability is 8.3

FlexNet Manager Suite Cloud was updated on 25 January 2017 for both issues.


Cause

For the cause of these vulnerabilites, see the description sections of:
Description section of CWE-22
Description section of CWE-79

Resolution

As of February 2nd, 2017, the following security updates are available from Flexera Software?s Product and License Center

  • FlexNet Manager Suite 2016 R1 SP1: FlexNet Manager Suite Hotfix 2016R1SP1-03
  • FlexNet Manager Suite 2016 R1: FlexNet Manager Suite Hotfix 2016R1-01
  • FlexNet Manager Suite 2015 R2 SP5: FlexNet Manager Suite Hotfix 2015R2SP5-03
  • FlexNet Manager Suite 2015 R2 SP4: FlexNet Manager Suite Hotfix 2015R2SP4-01
  • FlexNet Manager Suite 2015 R2 SP3: FlexNet Manager Suite Hotfix 2015R2SP3-02
  • FlexNet Manager Suite 2015 R2 SP2: FlexNet Manager Suite Hotfix 2015R2SP2-01
  • FlexNet Manager Suite 2015 R2 SP1: FlexNet Manager Suite Hotfix 2015R2SP1-04
  • FlexNet Manager Suite 2015 R2: FlexNet Manager Suite Hotfix 2015R2-01
  • FlexNet Manager Suite 2015: FlexNet Manager Suite Hotfix 2015-01
  • FlexNet Manager Suite 2014 R3: FlexNet Manager Suite Hotfix 2014R3-02
  • FlexNet Manager Suite 2014 R2: FlexNet Manager Suite Hotfix 2014R2-01
When applying the patch that applies to your installed release of FlexNet Manager Suite, updates will be applied to the inventory beacon and FlexNet Manager Suite servers.
Note that only the latest available Beacon software will be updated, so ensure that only the latest Beacon version, listed in the 'Version to deploy' drop-down box, is used when deploying an inventory beacon.

It is strongly recommended that all inventory beacons are updated to ensure they are running the latest FlexNet Beacon version. This may require updating the Beacon policy, on the Configure a Beacon page, to all Beacons so that the Upgrade mode setting = 'Always use the approved version'.

All inventory beacons are required to be upgraded to apply the update. To ensure that all inventory beacons have been upgraded, please refer to the status values of the Connectivity status and Policy Status columns on the Beacons page.

Workaround

CWE-22: Whilst only a specially-crafted upload could overwrite files on a target inventory beacon, the only effective workaround is to disable inventory beacon(s) by setting the Web Server Settings to ?No local web server (will not allow any incoming web requests)? in the FlexNet Beacon UI, as well as "BeaconSvc" IIS endpoint on the FNMS server. Performing these steps will also stop the inventory beacon(s) from receiving any updates. As this will also prevent application of any patch, it is not recommended.

Related Documents

https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/79.html

Additional Information

Acknowledgement: Thank you to Christopher Ebneter (ctof@live.com) for identifying and documenting vulnerability CWE-22.
Was this helpful?
Support Hub
Create a case with Support
0/255
Upload Attachment
File Upload
Maximum file size allowed is 3 MB.
File type not supported.
Supported file types:
Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to cancel the case creation?

Are you sure you want to close this case

Get Hotline support
Products Region Phone Numbers
FlexNet Operations
FlexNet Embedded
FlexNet Publisher
FlexNet Connect
FlexNet Code Insight
InstallAnywhere
InstallShield 		North America  * +1 630-332-2513 (toll)
+1 877-279-2853 (toll-free in North America)
Europe  * +44 1925 944367 (toll)
+44 800 047 8642 (toll-free in Europe)
Japan  * +81 3-4540-5335 (select option 2)
Australia  * +61 3 9895 2177
+61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics)
Compliance Intelligence 		Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.
Book an Appointment
File Upload
Maximum file size allowed is 3 MB.
File type not supported.
Supported file types:
Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)
+1.800.374.4353
CONTACT US REVENERA.COM FLEXERA.com
© 2026 Flexera Software. All Rights Reserved.
Privacy policy Terms and conditions Flexera Community Contact Us
Loading
FlexNet Beacon vulnerability remediated in FlexNet Manager Suite