Frequently asked question

Is ArcGIS affected by the vulnerability in Flexnet Publisher lmadmin.exe per CVE-2024-2658?

Last Published: March 27, 2024

Answer

Flexnet Publisher is a third-party component used in some ArcGIS products, including ArcGIS License Manager.  A recent vulnerability, published March 22, 2024, with reference CVE-2024-2658 was found in Flexnet Publisher versions prior to Flexnet Publisher version 2024 R1 (11.19.6.0) that impacts the lmadmin.exe utility component.

Esri does not include the lmadmin.exe utility in the ArcGIS License Manager application or any other ArcGIS platform product, thus there is no impact to Esri customers using ArcGIS software.

For more information, please refer to the CVE article published by Revenera: CVE-2024-2658: FlexNet Publisher potential local privilege escalation issue [community.flexera.com]

Article ID:000032324

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic