CVE-2018-20033
CRITICALFlexNet Publisher < 11.16.1.0 - Remote Code Execution via Memory Corruption
Title source: llmDescription
A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.
References (3)
Core 3
Core References
Not Applicable, Vendor Advisory third-party-advisory
x_refsource_secunia
https://secuniaresearch.flexerasoftware.com/advisories/85979/
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109155
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Scores
CVSS v3
9.8
EPSS
0.0367
EPSS Percentile
88.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-770
Status
published
Products (2)
flexera/flexnet_publisher
< 11.16.1.0
oracle/communications_lsms
13.1 - 13.4
Published
Feb 25, 2019
Tracked Since
Feb 18, 2026