Description
A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control.
Published: 2026-06-19
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in FlexNet Manager Suite 2025 R1 and R2 allows an attacker to obtain attachment files without proper authorization due to insufficient access control. The weakness, classified as CWE‑284, permits users who can reach the affected component to request and download any stored attachments, potentially revealing confidential documents, logs, or proprietary data. Because the flaw resides in a web‑based service, the breach would affect the confidentiality of information stored within the system.

Affected Systems

The vulnerability impacts Flexera’s FlexNet Manager Suite on Windows platforms. Affected installations include the 2025 R1 and R2 editions, and may also cover the 2026 R1 release as indicated by the CPE entries.

Risk and Exploitability

The CVSS score of 7.1 indicates a medium‑to‑high severity risk. The EPSS score is not available, so the likelihood of exploitation cannot be quantified precisely, and the flaw is not listed in the CISA KEV catalog, suggesting no known active exploitation yet. The attack vector is inferred to be remote, leveraging the web interface that serves attachment content; an attacker would need network access to the management system, and could exploit the lack of proper permission checks to retrieve arbitrary files.

Generated by OpenCVE AI on June 19, 2026 at 21:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest FlexNet Manager Suite patch or upgrade to a version that contains the fix for the access–control flaw issued by Flexera.
  • Restrict network access to the FlexNet Manager Suite management interface by configuring firewall rules and segmenting the network so that only trusted hosts can reach the endpoint.
  • Enforce role‑based access control and ensure that attachment retrieval endpoints require explicit authorization; validate that unauthorized requests are rejected.

Generated by OpenCVE AI on June 19, 2026 at 21:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control.
Title FlexNet Manager Suite Attachment File Disclosure
First Time appeared Flexera
Flexera flexnet Manager Suite
Weaknesses CWE-284
CPEs cpe:2.3:a:flexera:flexnet_manager_suite:*:*:windows:*:*:*:*:*
cpe:2.3:a:flexera:flexnet_manager_suite:2026_r1:*:windows:*:*:*:*:*
Vendors & Products Flexera
Flexera flexnet Manager Suite
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Flexera Flexnet Manager Suite
cve-icon MITRE

Status: PUBLISHED

Assigner: flexera

Published:

Updated: 2026-06-19T13:15:39.453Z

Reserved: 2026-03-11T21:28:08.052Z

Link: CVE-2026-4027

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T21:30:17Z

Weaknesses