← Retour aux CVEs

CVE-2018-20033

CRITICAL

9.8

Description

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie2/25/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

flexera:flexnet_publisheroracle:communications_lsms

Faiblesses (CWE)

CWE-770

References

http://www.securityfocus.com/bid/109155(PSIRT-CNA@flexerasoftware.com)

https://secuniaresearch.flexerasoftware.com/advisories/85979/(PSIRT-CNA@flexerasoftware.com)

https://www.oracle.com/security-alerts/cpuoct2021.html(PSIRT-CNA@flexerasoftware.com)

http://www.securityfocus.com/bid/109155(af854a3a-2127-422b-91ae-364da2661108)

https://secuniaresearch.flexerasoftware.com/advisories/85979/(af854a3a-2127-422b-91ae-364da2661108)

https://www.oracle.com/security-alerts/cpuoct2021.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.