Protocol encryption can be easily broken and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.ĬVE-2020-14517 has been assigned to this vulnerability. 4.2.2 INADEQUATE ENCRYPTION STRENGTH CWE-326 A CVSS v3 base score of 10.0 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). An attacker could send specially crafted packets to exploit these vulnerabilities.ĬVE-2020-14509 has been assigned to this vulnerability. Multiple memory corruption vulnerabilities exist where the packet parser mechanism does not verify length fields. 4.2 VULNERABILITY OVERVIEW 4.2.1 BUFFER ACCESS WITH INCORRECT LENGTH VALUE CWE-805 As new instances are discovered/reported, they will be added to this list of affected products. This license manager is used in products by many different vendors.