First published: Wed Sep 16 2020(Updated: )
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Wibu Codemeter | <6.90 | |
Wibu-Systems AG All versions prior to 7.10a are affected by CVE-2020-14509 and CVE-2020-14519 | ||
Wibu-Systems AG All versions prior to 7.10a are affected by CVE-2020-14517 | ||
Wibu-Systems AG All versions prior to 7.10 are affected by CVE-2020-16233 | ||
Wibu-Systems AG All versions prior to 6.81 are affected by CVE-2020-14513 | ||
Wibu-Systems AG All versions prior to 6.90 are affected by CVE-2020-14515 when using CmActLicense update files with CmActLicense Firm Code |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this CodeMeter vulnerability is CVE-2020-14515.
The severity of vulnerability CVE-2020-14515 is high with a CVSS score of 7.5.
All versions prior to 6.90 of CodeMeter are affected by CVE-2020-14515.
This vulnerability allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file.
Yes, the fix for CVE-2020-14515 is to update CodeMeter to version 6.90 or later.