{"id":71141,"date":"2016-03-01T18:06:40","date_gmt":"2016-03-01T18:06:40","guid":{"rendered":"http:\/\/www.esri.com\/arcgis-blog\/products\/product\/uncategorized\/license-manager-security-update\/"},"modified":"2018-03-26T21:07:58","modified_gmt":"2018-03-26T21:07:58","slug":"license-manager-security-update","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update","title":{"rendered":"License Manager Security Update"},"author":6431,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[],"tags":[24081,30131,24071,30141],"industry":[],"product":[36571],"class_list":["post-71141","blog","type-blog","status-publish","format-standard","hentry","tag-ssamymlgp","tag-licensing","tag-security","tag-security-patch","product-arcgis-enterprise"],"acf":{"short_description":"ArcGIS License Manager is built with a third party software component called Flexera FlexNet Publisher. Recently, a CVE (CVE-2015-8277) w...","flexible_content":[{"acf_fc_layout":"content","content":"

ArcGIS License Manager is built with a third party software component called Flexera FlexNet Publisher. Recently, a CVE (CVE-2015-8277<\/a>) <\/em>was released detailing buffer overflow vulnerabilities associated with Flexera FlexNet Publisher. \u00a0Esri\u202fis providing ArcGIS 10.4 License Manager to resolve these Flexera-based vulnerabilities.<\/p>\n

Vulnerability Details:\u202f\u00a0<\/strong><\/p>\n

Flexera FlexNet Publisher contains a buffer overflow vulnerability that could allow remote code execution \u2013 (CWE-130<\/a>)<\/p>\n

A remote unauthenticated attacker may be able to execute arbitrary code or perform a denial of service by exploiting a buffer overflow vulnerability in affected servers. The CVE (CVE-2015-8277<\/a>) associated with this vulnerability is still undergoing analysis however the Vulnerability Note issued by US CERT<\/a>\u00a0has given this vulnerability a CVSS base score of 10.0 (HIGH)<\/a>.\u00a0<\/em><\/p>\n

Note:<\/em> Keep in mind that CVSS base scores do not include temporal or\u00a0 environmental organization-specific factors for calculation. As a best practice, Esri recommends not exposing License Manager externally. Assuming ArcGIS License Manager is not exposed externally and not accessible anonymously, this lowers the CVSS score to 6.8 (MEDIUM)<\/a>.\u00a0<\/em><\/strong><\/p>\n

Mitigating Measures:<\/strong><\/p>\n

Esri recommends downloading and installing ArcGIS 10.4 License Manager immediately for all customers that use concurrent licensing while removing their current ArcGIS License Manager. The ArcGIS 10.4 License Manager can be downloaded from My Esri and is available within the ArcGIS for Desktop, ArcGIS Engine, and ArcGIS for Server products. Contact your primary maintenance contact for access to My Esri if you are not authorized to download Esri software. The ArcGIS 10.4 License Manager is compatible with all ArcGIS releases from ArcGIS 10.0 through ArcGIS 10.4. For more information on affected versions<\/strong>, please see the details in the associated Knowledge Base Article<\/a>.<\/p>\n

References:\u202f\u00a0<\/strong><\/p>\n

CVE-2015-8277<\/a><\/p>\n

Esri Knowledge Base Article 46334<\/a><\/p>\n

CWE-130<\/a>: Improper Handling of Length Parameter Inconsistency<\/p>\n

US CERT Vulnerability Note VU#485744<\/a><\/p>\n

The Security Standards and Architecture team<\/p>\n"}],"authors":[{"ID":6431,"user_firstname":"Matt","user_lastname":"Lorrain","nickname":"mlorrain","user_nicename":"mlorrain","display_name":"Matt Lorrain","user_email":"mlorrain@esri.com","user_url":"","user_registered":"2018-03-02 00:18:22","user_description":"","user_avatar":""}]},"yoast_head":"\nLicense Manager Security Update<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"License Manager Security Update\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update\" \/>\n<meta property=\"og:site_name\" content=\"ArcGIS Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2018-03-26T21:07:58+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@ESRI\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update\"},\"author\":{\"name\":\"Matt Lorrain\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/1e298644b899f2589044c631f8bdb2e0\"},\"headline\":\"License Manager Security Update\",\"datePublished\":\"2016-03-01T18:06:40+00:00\",\"dateModified\":\"2018-03-26T21:07:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update\"},\"wordCount\":4,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"keywords\":[\"ArcGIS Trust Center\",\"licensing\",\"Security\",\"security patch\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update\",\"name\":\"License Manager Security Update\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\"},\"datePublished\":\"2016-03-01T18:06:40+00:00\",\"dateModified\":\"2018-03-26T21:07:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esri.com\/arcgis-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"License Manager Security Update\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"name\":\"ArcGIS Blog\",\"description\":\"Get insider info from Esri product teams\",\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\",\"name\":\"Esri\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"width\":400,\"height\":400,\"caption\":\"Esri\"},\"image\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/esrigis\/\",\"https:\/\/x.com\/ESRI\",\"https:\/\/www.linkedin.com\/company\/5311\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/1e298644b899f2589044c631f8bdb2e0\",\"name\":\"Matt Lorrain\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8d16bf46aab581dbf779325cf334750692c97235af9bc4f8c7de7ae0c8885585?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8d16bf46aab581dbf779325cf334750692c97235af9bc4f8c7de7ae0c8885585?s=96&d=blank&r=g\",\"caption\":\"Matt Lorrain\"},\"url\":\"\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"License Manager Security Update","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update","og_locale":"en_US","og_type":"article","og_title":"License Manager Security Update","og_url":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update","og_site_name":"ArcGIS Blog","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2018-03-26T21:07:58+00:00","twitter_card":"summary_large_image","twitter_site":"@ESRI","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update#article","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update"},"author":{"name":"Matt Lorrain","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/1e298644b899f2589044c631f8bdb2e0"},"headline":"License Manager Security Update","datePublished":"2016-03-01T18:06:40+00:00","dateModified":"2018-03-26T21:07:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update"},"wordCount":4,"commentCount":0,"publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"keywords":["ArcGIS Trust Center","licensing","Security","security patch"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update","url":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update","name":"License Manager Security Update","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#website"},"datePublished":"2016-03-01T18:06:40+00:00","dateModified":"2018-03-26T21:07:58+00:00","breadcrumb":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/\/uncategorized\/license-manager-security-update#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/arcgis-blog\/"},{"@type":"ListItem","position":2,"name":"License Manager Security Update"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/arcgis-blog\/#website","url":"https:\/\/www.esri.com\/arcgis-blog\/","name":"ArcGIS Blog","description":"Get insider info from Esri product teams","publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization","name":"Esri","url":"https:\/\/www.esri.com\/arcgis-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","width":400,"height":400,"caption":"Esri"},"image":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/esrigis\/","https:\/\/x.com\/ESRI","https:\/\/www.linkedin.com\/company\/5311\/"]},{"@type":"Person","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/1e298644b899f2589044c631f8bdb2e0","name":"Matt Lorrain","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8d16bf46aab581dbf779325cf334750692c97235af9bc4f8c7de7ae0c8885585?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8d16bf46aab581dbf779325cf334750692c97235af9bc4f8c7de7ae0c8885585?s=96&d=blank&r=g","caption":"Matt Lorrain"},"url":""}]}},"text_date":"March 1, 2016","author_name":"Matt Lorrain","author_page":false,"custom_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2025\/08\/Newsroom-Keyart-Wide-1920-x-1080.jpg","primary_product":"ArcGIS Enterprise","tag_data":[{"term_id":24081,"name":"ArcGIS Trust Center","slug":"ssamymlgp","term_group":0,"term_taxonomy_id":24081,"taxonomy":"post_tag","description":"","parent":0,"count":96,"filter":"raw"},{"term_id":30131,"name":"licensing","slug":"licensing","term_group":0,"term_taxonomy_id":30131,"taxonomy":"post_tag","description":"","parent":0,"count":22,"filter":"raw"},{"term_id":24071,"name":"Security","slug":"security","term_group":0,"term_taxonomy_id":24071,"taxonomy":"post_tag","description":"","parent":0,"count":124,"filter":"raw"},{"term_id":30141,"name":"security patch","slug":"security-patch","term_group":0,"term_taxonomy_id":30141,"taxonomy":"post_tag","description":"","parent":0,"count":20,"filter":"raw"}],"category_data":[],"product_data":[{"term_id":36571,"name":"ArcGIS Enterprise","slug":"arcgis-enterprise","term_group":0,"term_taxonomy_id":36571,"taxonomy":"product","description":"","parent":0,"count":972,"filter":"raw"}],"primary_product_link":"https:\/\/www.esri.com\/arcgis-blog\/?s=#&products=arcgis-enterprise","_links":{"self":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/71141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/users\/6431"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/comments?post=71141"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/71141\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/media?parent=71141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/categories?post=71141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/tags?post=71141"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/industry?post=71141"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/product?post=71141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}