Security Issues Resolved in 2024.12
The following issue related to FlexNet Operations security was addressed in the 2024.12 release.
Input Sanitization
(Case 02889178, SWM-22286)
Certain user input fields are now thoroughly sanitized to prevent potential security vulnerabilities. The following special or malicious characters are no longer allowed in these input fields to protect against injection attacks and ensure data consistency:
[ : < > { } @ ; = \ , ! / | ? " # $ % ~ ^ ` ' ]
This table details the fields and their pages in which the special characters are no longer allowed:
|
Page Name |
Validated Fields |
Location |
||||||||||||
|
Package Products - License Models | Create a License Model |
|
Administer > License Models > Create new license model |
||||||||||||
|
Create License Generator Configuration |
|
Administer > License Generators > Add a license generator configuration |
||||||||||||
|
Package Products | Create a Suite |
|
Products > Suites > Add new Suite |
||||||||||||
|
Edit Role |
|
Accounts & Users > All Roles > add/edit role |
When a user tries to enter a prohibited character in any of the fields listed in the table and tries to save their changes, the following error message is displayed:
The field [<FieldName1>,<FieldName2>] contains the following illegal characters: [:<>{}@;=\,!/|?"#$%~^`']. Remove these characters before saving.