Skip to main content

Flexnet Manager Suite

3 CVEs product

Monthly

CVE-2026-4027 HIGH This Week

Unauthorized attachment file access in Flexera FlexNet Manager Suite 2025 R1 and R2 allows authenticated low-privileged users to retrieve attachment files belonging to other tenants or users due to insufficient access control enforcement. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list, but the CVSS 4.0 base score of 7.1 reflects meaningful confidentiality impact over the network with low privileges required. Organizations using FNMS for software asset management and license compliance should review the Flexera Community advisory and apply vendor guidance.

Authentication Bypass Flexnet Manager Suite
NVD VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-4026 HIGH This Week

Privilege escalation in Flexera FlexNet Manager Suite 2025 R1 allows an authenticated user holding only read-only access to account settings to elevate themselves to full Administrator. The flaw is a server-side access-control failure (CWE-284) reachable over the network with low privileges and no user interaction, scoring CVSS 4.0 8.7. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Flexnet Manager Suite
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2017-6885 CRITICAL Act Now

An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flexnet Manager Suite
NVD
CVSS 3.0
9.8
EPSS
0.4%
EPSS 0% CVSS 7.1
HIGH This Week

Unauthorized attachment file access in Flexera FlexNet Manager Suite 2025 R1 and R2 allows authenticated low-privileged users to retrieve attachment files belonging to other tenants or users due to insufficient access control enforcement. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list, but the CVSS 4.0 base score of 7.1 reflects meaningful confidentiality impact over the network with low privileges required. Organizations using FNMS for software asset management and license compliance should review the Flexera Community advisory and apply vendor guidance.

Authentication Bypass Flexnet Manager Suite
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Privilege escalation in Flexera FlexNet Manager Suite 2025 R1 allows an authenticated user holding only read-only access to account settings to elevate themselves to full Administrator. The flaw is a server-side access-control failure (CWE-284) reachable over the network with low privileges and no user interaction, scoring CVSS 4.0 8.7. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Flexnet Manager Suite
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flexnet Manager Suite
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy