CyberSec.Space Logo
Back to CVE Browser

CVE-2018-20033

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0350%
EPSS Percentile26.50th
PublishedFeb 25, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

Affected Platforms (CPE)

πŸ“¦
Flexera

Flexnet Publisher

<= 11.16.1.0
πŸ“¦
Oracle

Communications Lsms

>= 13.1 and <= 13.4

References & Advisories

πŸ”— http://www.securityfocus.com/bid/109155
πŸ”— https://secuniaresearch.flexerasoftware.com/advisories/85979/
πŸ”— https://www.oracle.com/security-alerts/cpuoct2021.html
πŸ”— http://www.securityfocus.com/bid/109155
πŸ”— https://secuniaresearch.flexerasoftware.com/advisories/85979/
πŸ”— https://www.oracle.com/security-alerts/cpuoct2021.html

Related Vulnerabilities

CVE-2011-413510.0

Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allo...

CVE-2011-413410.0

Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attack...

CVE-2015-82779.8

Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow...

CVE-2016-103957.8

In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boun...