Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-20033

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

Published

2019-02-25T20:29:00.233

Last Modified

2024-11-21T04:00:48.007

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	flexera	flexnet_publisher	≤ 11.16.1.0	Yes
Application	oracle	communications_lsms	≤ 13.4	Yes

References

http://www.securityfocus.com/bid/109155 Broken Link ([email protected])
https://secuniaresearch.flexerasoftware.com/advisories/85979/ Not Applicable, Vendor Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/109155 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://secuniaresearch.flexerasoftware.com/advisories/85979/ Not Applicable, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)