← Voltar para CVEs
CVE-2018-20033
CRITICAL9.8
Descricao
A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/25/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
flexera:flexnet_publisheroracle:communications_lsms
Fraquezas (CWE)
CWE-770
Referencias
http://www.securityfocus.com/bid/109155(PSIRT-CNA@flexerasoftware.com)
https://secuniaresearch.flexerasoftware.com/advisories/85979/(PSIRT-CNA@flexerasoftware.com)
https://www.oracle.com/security-alerts/cpuoct2021.html(PSIRT-CNA@flexerasoftware.com)
http://www.securityfocus.com/bid/109155(af854a3a-2127-422b-91ae-364da2661108)
https://secuniaresearch.flexerasoftware.com/advisories/85979/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.