Vulnerability Disclosure Statement - OpenLM

Skip to content

Upcoming Webinar: Register now >>

Jun 18

10:00 am - 5:00 pm UTC

Streamlining Software License Management for the Oil & Gas Industry

Solutions
Products

OpenLM Software Asset Management (SAM)

OpenLM Analytics

OpenLM SaaS Management

License Parser

OneDirectorySync

LDAP Connector

Virtual License Manager – VLM

Dongle Monitoring

Features

Actual Usage

Custom Commands

Directory Sync

Dongle Monitoring

Group Usage

License Access Control

License Files Management

License Harvesting

License Server Monitoring

OpenLM Alerts

OpenLM Audit

OpenLM Compliance

OpenLM Projects

OpenLM Reporting Hub

OpenLM Subscription Optimizer

Process Monitoring

Project Usage

Software Asset Management

Third Party Integrations

Unmanaged processes

Website Monitoring

Services

OpenLM Professional Services

OpenLM Managed Services

OpenLM BI Services

OpenLM Engineering License Management Services

OpenLM Consultancy Services

Industries

Animation and VFX

Automotive

Media

Oil & Gas

1 event found.

Today
Select date.

Jun 18

10:00 am - 5:00 pm

Streamlining Software License Management for the Oil & Gas Industry

Previous Events

Today

Next Events

Google Calendar

iCalendar

Outlook 365

Outlook Live

Export .ics file

Export Outlook .ics file

Start Free Trial

Book a Demo

Documentation

Contact Support
Pricing
Supported Software
Resources
Learning

Blog

Case studies

White papers

Webinars

Downloads

Comparisons

System requirements

Documentation

Release notes

Testimonials

Training courses

Learning Center

Press releases

Company

About

Career

Contact

AI in software license management: Benefits and challenges

In the rapidly evolving landscape of software, businesses are increasingly reliant on a diverse portfolio of applications to drive innovation

Read More »

Start Free Trial

Book a Demo

Documentation

Contact Support
Partner Program

Search for:
EN
- Japan
- French
Login
- US Cloud
- EU Cloud

Search for:
EN
- Japan
- French
Login
- US Cloud
- EU Cloud

Create an Account

Search

Create an Account

Solutions
Pricing
Supported Software
Resources
About
- About Us
- Our Team
- Careers
- Contact Us
Create an Account

Solutions
Pricing
Supported Software
Resources
About
- About Us
- Our Team
- Careers
- Contact Us
Create an Account

Vulnerability Disclosure Statement

Overview

Date of Disclosure: 22-05-2025

OpenLM is issuing this disclosure to inform clients about a known vulnerability in a third-party dependency used within main components of our licensed software product. The affected third-party dependency is the System.Text.Json library (version 6.0.0), which has been identified with a security vulnerability (CVE-2024-43485) by Microsoft.

While OpenLM does not develop or maintain this dependency directly, it is bundled within main components of our product. This issue will be fully addressed in the upcoming release of the main components, where the vulnerable dependency will be upgraded to a secure version.

We are issuing this disclosure in the interest of transparency, customer security, and responsible vulnerability management.

Affected Products/Services

Product/Service Name	Version(s) Affected	Status
Main Components	Versions using System.Text.Json 6.0.0	Update In Progress

Vulnerability Summary

CVE Identifier (if applicable): CVE-2024-43485
Vulnerability Type: Denial of Service (DoS)
CVSS Score: 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Discovered by: Microsoft Security Response Center (MSRC)
Discovery Date: 2024-10-08

Technical details

Description: A vulnerability exists in System.Text.Json version 6.0.0, which could allow an attacker to trigger a denial-of-service (DoS) condition by submitting a specially crafted JSON payload. This affects applications that use the serializer to process untrusted JSON inputs.
Impact: If exploited, this issue could result in high CPU usage, unresponsiveness, or crashes, potentially disrupting operations.

Mitigation & Resolution

Resolution Date: Planned for next patched version release
Remediation Actions: OpenLM has audited the usage of System.Text.Json within our main components and confirmed the vulnerability. We are actively working on:

Updating the affected dependency to version 6.0.10 or later.
Releasing a patched version that includes the secure version of the library.

This fix will be included in the next official release of the main components. Clients will be notified as soon as the updated version is available.

User Action Required: No immediate action required for customers who wait for the upcoming release.

Acknowledgement

OpenLM thanks the Microsoft Security Response Center for identifying and documenting this vulnerability, and our internal engineering team for auditing and addressing the issue.

Reference

Microsoft CVE: CVE-2024-43485

NVD CVE Entry

OpenLM Learning

Search

Search

About Us
Contact Us

Twitter Facebook-f Youtube Linkedin

Products

Software License Management Cloud
OpenLM Academic Program
OpenLM License Allocation Manager
OpenLM Directory Sync
OpenLM Applications Manager
OpenLM Features

Software License Management Cloud
OpenLM Academic Program
OpenLM License Allocation Manager
OpenLM Directory Sync
OpenLM Applications Manager
OpenLM Features

What We Support

CAD MANAGER TOOLS
Supported License Managers
Supported Software & Vendors
License Manager Hosted (LMH)
OpenLM for Autodesk – A practical guide
OpenLM Token-based licenses
What is Sentinel HASP
OpenLM Solution for Bentley

CAD MANAGER TOOLS
Supported License Managers
Supported Software & Vendors
License Manager Hosted (LMH)
OpenLM for Autodesk – A practical guide
OpenLM Token-based licenses
What is Sentinel HASP
OpenLM Solution for Bentley

Resources

Downloads
Documentation
Release Notes
Blog
Case Studies
Testimonials
Developers
OpenLM Newsletter
Webinar
Vulnerability Disclosure Statement

Downloads
Documentation
Release Notes
Blog
Case Studies
Testimonials
Developers
OpenLM Newsletter
Webinar
Vulnerability Disclosure Statement

Company

About Us
Careers
Contact Us
OpenLM Partners
GSA Contact Holder
Privacy Policy
OpenLM End User License Agreement

About Us
Careers
Contact Us
OpenLM Partners
GSA Contact Holder
Privacy Policy
OpenLM End User License Agreement

Copyright © 2025 OpenLM | All Rights Reserved

Manage Cookie Consent

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Statistics

Marketing

Features

Always active

Always active

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Statistics

Marketing

Features

Always active

Always active

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}

Skip to content

Accessibility Tools

Increase Text
Decrease Text
Grayscale
High Contrast
Negative Contrast
Light Background
Links Underline
Readable Font
Reset