Loading
search-img

Security Vulnerabilities

Skip Feed

  1. hemavady_sk asked a question.

    June 11, 2025 at 7:12 AM
    jre is unzipped by IA and it is kept in the machine after installation (this jre is used for uninstallation later). it leads jre package as part of our application and it is vulnerable if the IA is not upgraded regularly to get recent jre.

    now already installed machines are vulnerable due to the jre package left by the ia in our application server

    • 80 views

  2. AmaanCG asked a question.

    May 14, 2025 at 6:44 AM
    How to Prevent Sensitive Properties from Being Logged in Chained MSI Installer (Installshield Properties)

    Hi Community,

     

    I'm working with an InstallShield 2024 R2 project that uses chained .msi packages. In the Release > chained .msi > Packages view, I'm passing several properties to the child MSIs using the Installshield Property Manager field.

     

    Properties are passed as chained ism in following way.

    Example : Main application Installer (Main.ism) -> Installer1.ism (Where the properties are passed)

    Main application Installer (Main.ism) -> Installer2.ism (Where the properties are passed)

     

    Some of these properties are sensitive, such as passwords. However, I’ve noticed that these values are being logged in plain text in the installer MSI logs, which is a security concern.

     

    What I’ve Tried:

    I’ve defined the sensitive properties in the Installer1.ism & Installer2.ism Property Table.

    I’ve added those property names to the SecureCustomProperties and MSIHiddenProperties property in the Installer1.ism & Installer2.ism

     

    Despite this, the values still appear in the install logs when I run the installer.

     

    My Questions:

    Is there a reliable way to prevent sensitive properties passed through chain installer from being logged?

    Any examples would be greatly appreciated!

    Thanks!

    Expand Post
    • 127 views

  3. 1 of 4

End of Feed
3 Chatter Feed Items
ALL CONVERSATIONS
UNSOLVED
ARTICLES
1 Follower
3 Posts

Related Topics

    Create a case with Support
    0/255
    Upload Attachment
    File Upload
    Maximum file size allowed is 3 MB.
    File type not supported.
    Supported file types:
    Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

    Are you sure you want to cancel the case creation?

    Are you sure you want to close this case

    Get Hotline support
    Products Region Phone Numbers
    FlexNet Operations
    FlexNet Embedded
    FlexNet Publisher
    FlexNet Connect
    FlexNet Code Insight
    InstallAnywhere
    InstallShield     		North America  * +1 630-332-2513 (toll)
    +1 877-279-2853 (toll-free in North America)
    Europe  * +44 1925 944367 (toll)
    +44 800 047 8642 (toll-free in Europe)
    Japan  * +81 3-4540-5335 (select option 2)
    Australia  * +61 3 9895 2177
    +61 1800 560 603 (toll-free in Australia)
    Usage Intelligence (formerly Revulytics)
    Compliance Intelligence     		Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.
    Book an Appointment
    File Upload
    Maximum file size allowed is 3 MB.
    File type not supported.
    Supported file types:
    Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)
    +1.800.374.4353
    CONTACT US REVENERA.COM FLEXERA.com
    © 2026 Flexera Software. All Rights Reserved.
    Privacy policy Terms and conditions Flexera Community Contact Us
    Loading
    Security Vulnerabilities