PT-2020-3962 · Wibu Systems · CodeMeter

Published: 2020-09-07 · Updated: 2020-09-22 · CVE-2020-14519

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: CodeMeter versions prior to 7.00
Description: The issue is an origin validation error in a component of the WebSockets API in the CodeMeter license control application. A remote attacker can exploit it with a specially crafted JavaScript payload to gain unauthorized access and modify or create license files for CmActLicense.
Recommendations: For CodeMeter versions prior to 7.00, consider disabling the WebSockets API as a temporary workaround until a patch is available. For systems or devices where a web browser is used to access a web server and the affected WebSockets API is still enabled, restrict access to the WebSockets API to minimize the risk of exploitation.

Fix

Origin Validation Error

Weakness Enumeration

Related Identifiers

BDU:2020-04355
CVE-2020-14519

Affected Products

CodeMeter