CVE-2022-34659

Name of the Vulnerable Software and Affected Versions Simcenter STAR-CCM+ versions prior to the fixed version, when the Power-on-Demand public license server is used

Description The issue is related to errors in information processing, potentially allowing a remote attacker to gain unauthorized access to protected information about the host and displayed user names. The vulnerability exposes user, host, and display name of users when the public license server is used, which could be retrieved by an attacker.

Recommendations For Simcenter STAR-CCM+ versions using the Power-on-Demand public license server, consider disabling the public license server until a patch is available to prevent exposure of user information. As a temporary workaround, restrict access to the public license server to minimize the risk of exploitation. Avoid using the public license server in Simcenter STAR-CCM+ until the issue is resolved.