..

Vulnerabilities in Dialogic HMP for Windows Service Update 395 installer

..

Developer Group

Developer Group
Connect with thousands of other developers to brainstorm ideas, share best practices and tips - or just chat about the latest emerging technologies making noise in the field. And of course, get the most up-to-date service and support news from Dialogic.
Dialogic PowerMedia HMP GlobalCall and R4 API

Vulnerabilities in Dialogic HMP for Windows Service Update 395 installer

  • Hi All,

    We use dialogic HMP for one of our product. Recently we found that Dialogic HMP for Windows Service Update 395 installer includes and installs FlexNet. It is used by Dialogic Standalone License Server. As reported in the link below FlexNet version used by Dialogic HMP for Windows is affected by multiple vulnerabilities.

    https://www.tenable.com/plugins/nessus/128148

    Flexera FlexNet Publisher < 11.16.2 Multiple Vulnerabilities includes:

    • Denial of Service vulnerability
    • Remote Code Execution vulnerability

    The solution is to upgrade to FlexNet version 11.16.2 or later.

    Can Dialogic team update Dialogic HMP for Windows installer to include the latest version of FlexNet?

  • Hi,

    We are aware of this issue and have already looked at that the process of changing the internal flexlm version used in this case. Its hopeful to be released in the next SU out the door. Timeframe for that is not known at this time though as the release itself has other dependencies which need to be met.

    Regards,

    Jeff M.