CVE-2018-20033

CWE-770 — Allocation without Limits3 documents3 sources

Severity

9.8CRITICAL

EPSS

4.4%

top 11.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flexera Flexnet Publisher Oracle Communications Lsms Flexera Software LLC Flexnet Publisher

Timeline

PublishedFeb 25

Latest updateMay 13

Description

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDflexera/flexnet_publisher11.16.1.0

▶CVEListV5flexera_software_llc/flexnet_publisher11.16.1.0 and earlier

▶NVDoracle/communications_lsms13.1 — 13.4

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-3jq8-j7q6-f6m6: A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11↗2022-05-13

▶

CVEList

CVE-2018-20033: A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11↗2019-02-25

▶