CVE-2020-10056

Name of the Vulnerable Software and Affected Versions License Management Utility (LMU) versions prior to V2.4

Description A security issue has been identified where the lmgrd service of the affected application runs with local SYSTEM privileges on the server, and its configuration can be modified by local users. This could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.

Recommendations For versions prior to V2.4, update to version V2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the lmgrd service configuration to prevent local users from modifying it.