CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 | Third Party Advisory US Government Resource |
https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 05:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 - Third Party Advisory, US Government Resource |
Information
Published : 2020-09-16 20:15
Updated : 2024-11-21 05:03
NVD link : CVE-2020-14515
Mitre link : CVE-2020-14515
CVE.ORG link : CVE-2020-14515
JSON object : View
Products Affected
wibu
- codemeter
CWE
CWE-347
Improper Verification of Cryptographic Signature