CVE-2020-14515

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 Third Party Advisory US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:03

Type Values Removed Values Added
References () https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 - Third Party Advisory, US Government Resource

Information

Published : 2020-09-16 20:15

Updated : 2024-11-21 05:03


NVD link : CVE-2020-14515

Mitre link : CVE-2020-14515

CVE.ORG link : CVE-2020-14515


JSON object : View

Products Affected

wibu

  • codemeter
CWE
CWE-347

Improper Verification of Cryptographic Signature