BASIS logo New  
Technical Communique 
March 12, 2020
TC-20001



Product Suite Download


How Do I Remedy the Vulnerability?


  Unsure of your BASIS license version or if it's covered by SAM?


Check That the New Secure BLM in Installed and Running



Staying Connected





BASIS International Ltd. announces the release of its updated BASIS License Manager (BLM), revision 20, which addresses multiple security vulnerabilities in the underlying third-party FlexNet Publisher software component of the BLM. All prior versions of the BLM, used by PRO/5, Visual PRO/5, and BBj are vulnerable to these exploits in FlexNet Publisher . These have been corrected by FlexNet Publisher (formerly known as FLEXlm) and revision 20 of the BLM incorporates these fixes and is being made available now in advance of the release of BBj 20.0 and BBx 20.


Download and install the new more secure BLM today by choosing BLM from the Product Selector on the download page and select the latest version.

 
  remedy How Do I remedy the Vulnerability?
Previous versions of the BLM are affected by several denials of service and remote code execution vulnerabilities in Flexera Flexnet. The new BLM 20.0 incorporates the latest security fixes and is backward compatible with older BBj, Visual PRO/5, and PRO/5 interpreters

There is no need to upgrade your BASIS interpreter (BBj, PRO/5, or Visual PRO/5)

Resolving these critical vulnerabilities is simple for those whose BASIS serial numbers are covered by SAM (Software Asset Management):
  • Ensure that you have a version 20 or later BASIS license (see below to confirm)
  • If you have a version 20 or higher BASIS license, download and install the latest version of the BLM, which addresses these vulnerabilities.
Unsure Unsure of your BASIS license version or if it's covered by SAM?
Review the FEATURE lines in your license's text file which can be found in the BLM directory. The file has a .lic suffix. The version of the BASIS license can be found on the BBJ FEATURE line after the word "basis":

For Example - 
FEATURE  BBJ basis 20.0 31-mar-2020 50 7726CDE958DD VENDOR_STRING=EWF 
FEATURE SoftwareAssetManagement basis 20.0  31-jul-2020

The BBJ FEATURE powers BBj, PRO/5 and Visual PRO/5 interpreter sessions, and ODBC and JDBC connections. The 20.0 in the example above tells us that it's ready to use the new BLM.

If the SAM Feature line is present and the date on the feature line is current and your license has not yet been updated to version 20, do one of the following:

1. Run 'Register for a License' from the BASIS shortcut or from the BASIS Admin tool.
2. Execute the UPDATELIC verb from within an interpreter session.

For those whose serial numbers are NOT currently protected by SAM coverage, please contact
your BASIS Account Manager to upgrade your license in order to run BLM 20.0 with its security updates. The BLM 20.0 requires a BASIS license of at least version 20 in order to function.
CheckCheck That the New Secure BLM is Installed and Running
Check for the existence of a log file in the BLM directory: /<BLMHome>/log/basis.log

The new BLM (version 20) will create this log file when it starts. If the BLM has been started and the basis.log file doesn't exist, you're not running a version 20 or above version of the BLM. A successful start with a valid license will show a log entry in the file similar to this:

**** Thu Mar 12 09:33:25 2020 ****
**** BLM License version 20, requires license with FEATURE BBJ 20 or higher. ****

An unsuccessful start will show an additional log entry in the file similar to this if the version isn't at least 20:

**** License version 20 required, BBj feature version found was 19. ****

Or this if the feature line is missing:

**** License version 20 required, BBj feature not found. ****
Staying Staying Connected with the BASIS Advantage
The BASIS International Advantage
Dig into the wealth of information in this technical publication. Click HERE to read the articles online or download them to your device of choice.

Communications
For current information, be sure to subscribe to all BASIS announcements and join our discussion forums.
View our videos on YouTube Like us on Facebook Follow us on Twitter View our profile on LinkedIn 

BBj, BBx, AddonSoftware, and Barista are registered trademarks of BASIS International Ltd.