CVE-2011-4135
published 2012-01-19

Priority P268 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 31.86% (98.1th percentile)

Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389.

Affected

9 ranges
Vendor | Product | Version range | Fixed in
flexerasoftware | flexnet_publisher | |
ibm | rational_license_key_server | |
ibm | rational_license_key_server | |
ibm | rational_license_key_server | |
ibm | rational_license_key_server | |
ibm | rational_license_server | |
ibm | rational_license_server | |
ibm | rational_license_server | |
ibm | telelogic_license_server | |

Detection & IOCs (extracted from sources)

port: 27000
process: lmgrd
  • Monitor for directory traversal sequences in network traffic directed at the vendor daemon / license server (save, rename, load operations on log files)
  • Detect high-volume repeated connections to the lmgrd service from a single source, as the exploit makes many connections per attempt to maximize reliability
  • Inspect network packets to lmgrd for oversized payloads indicative of a stack buffer overflow triggered via unsafe memcpy
  • CVE-2011-4135 may overlap with CVE-2011-1389; both relate to the same vendor daemon / license server components and should be treated as potentially the same vulnerability class
  • Affected products span multiple IBM Rational license server product lines and versions; ensure coverage across Telelogic License Server 2.0, Rational License Server 7.x, and RLKS 8.0–8.1.2