{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-15T09:27:37.128","vulnerabilities":[{"cve":{"id":"CVE-2020-14515","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2020-09-16T20:15:13.567","lastModified":"2024-11-21T05:03:26.193","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected."},{"lang":"es","value":"CodeMeter (todas las versiones anteriores a 6.90 cuando se utilizan archivos de actualización con CmActLicense Firm Code) presenta un problema en el mecanismo de comprobación de firmas de archivos de licencia, que permite a atacantes crear archivos de licencia arbitrarios, incluyendo la falsificación de un archivo de licencia válido como si fuera un archivo de licencia válido de un proveedor existente. Solo están afectados los archivos de actualización de CmActLicense con CmActLicense Firm Code"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*","versionEndExcluding":"6.90","matchCriteriaId":"04ECF3CE-FA64-4B81-B769-84844ED87CF7"}]}]}],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}