Vulnerabilites related to flexera - flexnet_publisher
Vulnerability from fkie_nvd
Published
2023-03-29 21:15
Modified
2025-02-19 18:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | flexnet_publisher | 11.16.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexera:flexnet_publisher:11.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "392E1CF7-00A2-4E24-90AC-48D207D680E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher\u0027s lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool."
}
],
"id": "CVE-2019-8963",
"lastModified": "2025-02-19T18:15:20.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-29T21:15:07.753",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8963-Remediated-in-FlexNet-Publisher/ta-p/148768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8963-Remediated-in-FlexNet-Publisher/ta-p/148768"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 21:29
Modified
2024-11-21 04:00
Severity ?
Summary
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/109155 | Broken Link | |
| PSIRT-CNA@flexerasoftware.com | https://secuniaresearch.flexerasoftware.com/advisories/85979/ | Not Applicable, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109155 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secuniaresearch.flexerasoftware.com/advisories/85979/ | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | flexnet_publisher | * | |
| oracle | communications_lsms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7C03AE-8A93-4E82-B1EC-CEB6C4402FDF",
"versionEndIncluding": "11.16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F",
"versionEndIncluding": "13.4",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio (DoS) relacionada con la eliminaci\u00f3n de \u00edtems preferentes en los componentes del demonio lmgrd y del fabricante de FlexNet Publisher, en versiones 11.16.1.0 y anteriores, permite que un atacante remoto env\u00ede una combinaci\u00f3n de mensajes a los demonios lmgrd o del fabricante, haciendo que el latido entre los demonios lmgrd y del fabricante se detengan y el demonio del fabricante se cierre."
}
],
"id": "CVE-2018-20031",
"lastModified": "2024-11-21T04:00:47.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T21:29:00.310",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-31 17:15
Modified
2024-11-21 04:59
Severity ?
Summary
An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | flexnet_publisher | 11.14.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexera:flexnet_publisher:11.14.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A04407DD-0722-4932-B420-4431E529DCEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en FlexNet Publisher lmadmin.exe versi\u00f3n 11.14.0.2. El enlace del portal web puede ser usado para acceder a los archivos del sistema u otros archivos importantes en el sistema"
}
],
"id": "CVE-2020-12081",
"lastModified": "2024-11-21T04:59:14.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-31T17:15:13.123",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12081-Remediated-in-FlexNet-Publisher/ta-p/153505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12081-Remediated-in-FlexNet-Publisher/ta-p/153505"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 21:29
Modified
2024-11-21 04:00
Severity ?
Summary
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/109155 | Broken Link | |
| PSIRT-CNA@flexerasoftware.com | https://secuniaresearch.flexerasoftware.com/advisories/85979/ | Not Applicable, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109155 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secuniaresearch.flexerasoftware.com/advisories/85979/ | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | flexnet_publisher | * | |
| oracle | communications_lsms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7C03AE-8A93-4E82-B1EC-CEB6C4402FDF",
"versionEndIncluding": "11.16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F",
"versionEndIncluding": "13.4",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio (DoS) relacionada con el descifrado de mensajes en los componentes del demonio lmgrd y del fabricante de FlexNet Publisher, en versiones 11.16.1.0 y anteriores, permite que un atacante remoto env\u00ede una combinaci\u00f3n de mensajes a los demonios lmgrd o del fabricante, haciendo que el latido entre los demonios lmgrd y del fabricante se detengan y el demonio del fabricante se cierre."
}
],
"id": "CVE-2018-20032",
"lastModified": "2024-11-21T04:00:47.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T21:29:00.357",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-21 15:15
Modified
2024-11-21 04:50
Severity ?
Summary
A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | flexnet_publisher | 11.16.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexera:flexnet_publisher:11.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95A119D7-F1C2-4F65-925F-CF0EF44B58CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de denegaci\u00f3n de servicio relacionada con un agotamiento de pila (stack) en lmadmin.exe de FlexNet Publisher versi\u00f3n 11.16.2. Dado que la funci\u00f3n de lectura de mensajes se llama a s\u00ed misma de forma recursiva dada una determinada condici\u00f3n en el mensaje recibido, un atacante remoto no autenticado puede enviar mensajes repetidas veces de ese tipo para causar una condici\u00f3n de agotamiento de pila (stack)."
}
],
"id": "CVE-2019-8961",
"lastModified": "2024-11-21T04:50:44.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T15:15:14.443",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8961-remediated-in-FlexNet-Publisher/ta-p/124601/jump-to/first-unread-message"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8961-remediated-in-FlexNet-Publisher/ta-p/124601/jump-to/first-unread-message"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-25 20:29
Modified
2024-11-21 04:00
Severity ?
Summary
A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/109155 | Broken Link | |
| PSIRT-CNA@flexerasoftware.com | https://secuniaresearch.flexerasoftware.com/advisories/85979/ | Not Applicable, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109155 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secuniaresearch.flexerasoftware.com/advisories/85979/ | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | flexnet_publisher | * | |
| oracle | communications_lsms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7C03AE-8A93-4E82-B1EC-CEB6C4402FDF",
"versionEndIncluding": "11.16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F",
"versionEndIncluding": "13.4",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en los componentes de lmgrd y del demonio del fabricante en FlexNet Publisher, en versiones 11.16.1.0 y anteriores, podr\u00eda permitir que un atacante remoto corrompa la memoria asignando/desasignando memoria, cargando lmgrd o el demonio del fabricante y provocando que el latido entre lmgrd y el demonio del fabricante se detenga. Esto forzar\u00eda el cierre del demonio del fabricante. No se han demostrado explotaciones de esta vulnerabilidad."
}
],
"id": "CVE-2018-20033",
"lastModified": "2024-11-21T04:00:48.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-25T20:29:00.233",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-17 18:15
Modified
2024-11-21 04:59
Severity ?
Summary
A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | flexnet_publisher | 11.16.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexera:flexnet_publisher:11.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "329CC453-B7F5-4F2D-BCA2-09EB3147F432",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability has been identified in FlexNet Publisher\u0027s lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de denegaci\u00f3n de servicio en el archivo lmadmin.exe de FlexNet Publisher versi\u00f3n 11.16.6. Un determinado protocolo de mensajes puede ser explotado para causar un bloqueo de lmadmin"
}
],
"id": "CVE-2020-12080",
"lastModified": "2024-11-21T04:59:14.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-17T18:15:07.737",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-28"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 21:29
Modified
2024-11-21 04:00
Severity ?
Summary
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/109155 | Broken Link | |
| PSIRT-CNA@flexerasoftware.com | https://secuniaresearch.flexerasoftware.com/advisories/85979/ | Not Applicable, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109155 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secuniaresearch.flexerasoftware.com/advisories/85979/ | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | flexnet_publisher | * | |
| oracle | communications_lsms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7C03AE-8A93-4E82-B1EC-CEB6C4402FDF",
"versionEndIncluding": "11.16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F",
"versionEndIncluding": "13.4",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio (DoS) relacionada con la adici\u00f3n de un \u00edtem a una lista en los componentes del demonio lmgrd y del fabricante de FlexNet Publisher, en versiones 11.16.1.0 y anteriores, permite que un atacante remoto env\u00ede una combinaci\u00f3n de mensajes a los demonios lmgrd o del fabricante, haciendo que el latido entre los demonios lmgrd y del fabricante se detengan y el demonio del fabricante se cierre."
}
],
"id": "CVE-2018-20034",
"lastModified": "2024-11-21T04:00:48.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T21:29:00.403",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-21 15:15
Modified
2024-11-21 04:50
Severity ?
Summary
A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexera | flexnet_publisher | 11.16.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexera:flexnet_publisher:11.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95A119D7-F1C2-4F65-925F-CF0EF44B58CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de Denegaci\u00f3n de Servicio relacionada con el manejo de comandos en lmadmin.exe de FlexNet Publisher versi\u00f3n 11.16.2. La funci\u00f3n de lectura de mensajes usada en el archivo lmadmin.exe puede, al recibir un determinado mensaje, llamarse as\u00ed misma y luego esperar un nuevo mensaje. Con un flag particular establecido en el mensaje original, pero sin recibir un segundo mensaje, la funci\u00f3n retorna eventualmente un valor inesperado que conlleva a que una excepci\u00f3n sea arrojada. El resultado final puede ser una finalizaci\u00f3n del proceso."
}
],
"id": "CVE-2019-8960",
"lastModified": "2024-11-21T04:50:44.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T15:15:14.397",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-8963
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-19 17:19
Severity ?
EPSS score ?
Summary
A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8963-Remediated-in-FlexNet-Publisher/ta-p/148768"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-8963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T17:17:48.356532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T17:19:18.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher\u0027s lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8963-Remediated-in-FlexNet-Publisher/ta-p/148768"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2019-8963",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2019-02-20T00:00:00.000Z",
"dateUpdated": "2025-02-19T17:19:18.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-8961
Vulnerability from cvelistv5
Published
2020-04-21 14:20
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8961-remediated-in-FlexNet-Publisher/ta-p/124601/jump-to/first-unread-message"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-21T14:20:52",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8961-remediated-in-FlexNet-Publisher/ta-p/124601/jump-to/first-unread-message"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2019-8961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8961-remediated-in-FlexNet-Publisher/ta-p/124601/jump-to/first-unread-message",
"refsource": "CONFIRM",
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8961-remediated-in-FlexNet-Publisher/ta-p/124601/jump-to/first-unread-message"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2019-8961",
"datePublished": "2020-04-21T14:20:52",
"dateReserved": "2019-02-20T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20034
Vulnerability from cvelistv5
Published
2019-03-21 20:54
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/109155 | vdb-entry, x_refsource_BID | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://secuniaresearch.flexerasoftware.com/advisories/85979/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Flexera Software LLC | FlexNet Publisher |
Version: 11.16.1.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlexNet Publisher",
"vendor": "Flexera Software LLC",
"versions": [
{
"status": "affected",
"version": "11.16.1.0 and earlier"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:08",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "109155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2018-20034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlexNet Publisher",
"version": {
"version_data": [
{
"version_value": "11.16.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Flexera Software LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109155"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/advisories/85979/",
"refsource": "CONFIRM",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2018-20034",
"datePublished": "2019-03-21T20:54:28",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-08-05T11:51:18.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20031
Vulnerability from cvelistv5
Published
2019-03-21 20:47
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/109155 | vdb-entry, x_refsource_BID | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://secuniaresearch.flexerasoftware.com/advisories/85979/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Flexera Software LLC | FlexNet Publisher |
Version: 11.16.1.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlexNet Publisher",
"vendor": "Flexera Software LLC",
"versions": [
{
"status": "affected",
"version": "11.16.1.0 and earlier"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:05",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "109155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2018-20031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlexNet Publisher",
"version": {
"version_data": [
{
"version_value": "11.16.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Flexera Software LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109155"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/advisories/85979/",
"refsource": "CONFIRM",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2018-20031",
"datePublished": "2019-03-21T20:47:53",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-08-05T11:51:18.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12080
Vulnerability from cvelistv5
Published
2021-09-17 17:45
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability has been identified in FlexNet Publisher\u0027s lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T15:26:49",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2020-12080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability has been identified in FlexNet Publisher\u0027s lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-28",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-28"
},
{
"name": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873",
"refsource": "CONFIRM",
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12080-Remediated-in-FlexNet-Publisher/ta-p/143873"
},
{
"name": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message",
"refsource": "CONFIRM",
"url": "https://community.flexera.com/t5/FlexNet-Publisher-News/FlexNet-Publisher-2020-R2-11-17-0-is-here/ba-p/144017/jump-to/first-unread-message"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2020-12080",
"datePublished": "2021-09-17T17:45:12",
"dateReserved": "2020-04-23T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20032
Vulnerability from cvelistv5
Published
2019-03-21 20:52
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/109155 | vdb-entry, x_refsource_BID | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://secuniaresearch.flexerasoftware.com/advisories/85979/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Flexera Software LLC | FlexNet Publisher |
Version: 11.16.1.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "109155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlexNet Publisher",
"vendor": "Flexera Software LLC",
"versions": [
{
"status": "affected",
"version": "11.16.1.0 and earlier"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:06",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "109155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2018-20032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlexNet Publisher",
"version": {
"version_data": [
{
"version_value": "11.16.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Flexera Software LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "109155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109155"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/advisories/85979/",
"refsource": "CONFIRM",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2018-20032",
"datePublished": "2019-03-21T20:52:17",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-08-05T11:51:18.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12081
Vulnerability from cvelistv5
Published
2020-07-31 16:55
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the system.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12081-Remediated-in-FlexNet-Publisher/ta-p/153505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-31T16:55:11",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12081-Remediated-in-FlexNet-Publisher/ta-p/153505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2020-12081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12081-Remediated-in-FlexNet-Publisher/ta-p/153505",
"refsource": "CONFIRM",
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2020-12081-Remediated-in-FlexNet-Publisher/ta-p/153505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2020-12081",
"datePublished": "2020-07-31T16:55:11",
"dateReserved": "2020-04-23T00:00:00",
"dateUpdated": "2024-08-04T11:48:58.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20033
Vulnerability from cvelistv5
Published
2019-02-25 20:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.
References
| ▼ | URL | Tags |
|---|---|---|
| https://secuniaresearch.flexerasoftware.com/advisories/85979/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/109155 | vdb-entry, x_refsource_BID | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Flexera Software LLC | FlexNet Publisher |
Version: 11.16.1.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "85979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"name": "109155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlexNet Publisher",
"vendor": "Flexera Software LLC",
"versions": [
{
"status": "affected",
"version": "11.16.1.0 and earlier"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution (RCE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:07",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "85979",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"name": "109155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"DATE_PUBLIC": "2019-01-28T00:00:00",
"ID": "CVE-2018-20033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlexNet Publisher",
"version": {
"version_data": [
{
"version_value": "11.16.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Flexera Software LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution (RCE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "85979",
"refsource": "SECUNIA",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"name": "109155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109155"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2018-20033",
"datePublished": "2019-02-25T20:00:00Z",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-09-17T02:11:14.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-8960
Vulnerability from cvelistv5
Published
2020-04-21 14:20
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-21T14:20:52",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2019-8960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message",
"refsource": "CONFIRM",
"url": "https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2019-8960",
"datePublished": "2020-04-21T14:20:52",
"dateReserved": "2019-02-20T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}