Lmgrd and Vendor Daemon Security Vulnerabilities

Last Published: April 25, 2020


Four vulnerabilities were reported in the Flexera FNP toolkit, three of which could be exploited to cause a denial of service (DoS) and one of which could potentially allow execution of arbitrary code (although an exploit to verify this has not been seen). These vulnerabilities only impact the ArcGIS License Manager, version 2018.1 and older on all platforms. These vulnerabilities do not affect the client applications such as ArcGIS Desktop, ArcGIS Engine, Esri CityEngine, etc.

Solution or Workaround

The issue can be resolved by upgrading to the ArcGIS License Manager 2019.0, which includes FNP, the version in which these vulnerabilities have been addressed.

Article ID:000020163

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic