CNNVD-202602-1882 Information

CNNVD ID

CNNVD-202602-1882

Related CVE

CVE-2019-25313

• CNNVD Published: 2026-02-11

Description (Chinese)

Flexera FlexNet Publisher（FLEXlm）是美国Flexera公司的一款授权关系管理解决方案（Entitlement Relationship Management Solution）中的软件授权管理核心组件。该产品可为软件与硬件生产商提供定价、打包和定制软件授权期限。 Flexera FlexNet Publisher（FLEXlm） 11.12.1版本存在跨站请求伪造漏洞，该漏洞源于跨站请求伪造，可能导致攻击者创建具有预定义密码的新本地管理员账户。

Description (English)

Flexera FlexNet Publicsher (FLEXlm) is the core software authorization management component of the United States company Flexera’s Authorized Relationship Management Settlement. The product could provide software and hardware producers with pricing, packaging and customized software authorization periods. The version 11.12.1 of Flexera FlexNet Publisher (FLEXl) contains a false gap in cross-site requests, which originates in cross-site requests for forgery and may lead the attackers to create new local administrator accounts with predefined passwords.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

Flexera

Published

2026-02-11

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/47986 https://www.flexerasoftware.com/ https://www.flexerasoftware.com/monetize/products/flexnet-licensing.html https://www.vulncheck.com/advisories/flexnet-publisher-cross-site-request-forgery-add-local-admin