Vulnerabilites related to flexerasoftware - flexnet_publisher
cve-2015-8277
Vulnerability from cvelistv5
Published
2016-02-24 02:00
Modified
2024-08-06 08:13
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec129.pdf | x_refsource_MISC | |
| http://securitymumblings.blogspot.com/2016/02/cve-2015-8277.html | x_refsource_MISC | |
| https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133 | x_refsource_CONFIRM | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1035266 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX207824 | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/485744 | third-party-advisory, x_refsource_CERT-VN | |
| https://www.securifera.com/advisories/cve-2015-8277 | x_refsource_MISC | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/83334 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec129.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securitymumblings.blogspot.com/2016/02/cve-2015-8277.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05"
},
{
"name": "1035266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035266"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX207824"
},
{
"name": "VU#485744",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/485744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securifera.com/advisories/cve-2015-8277"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02"
},
{
"name": "83334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-06T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec129.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securitymumblings.blogspot.com/2016/02/cve-2015-8277.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05"
},
{
"name": "1035266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035266"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX207824"
},
{
"name": "VU#485744",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/485744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securifera.com/advisories/cve-2015-8277"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02"
},
{
"name": "83334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-8277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec129.pdf",
"refsource": "MISC",
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec129.pdf"
},
{
"name": "http://securitymumblings.blogspot.com/2016/02/cve-2015-8277.html",
"refsource": "MISC",
"url": "http://securitymumblings.blogspot.com/2016/02/cve-2015-8277.html"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05"
},
{
"name": "1035266",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035266"
},
{
"name": "http://support.citrix.com/article/CTX207824",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX207824"
},
{
"name": "VU#485744",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/485744"
},
{
"name": "https://www.securifera.com/advisories/cve-2015-8277",
"refsource": "MISC",
"url": "https://www.securifera.com/advisories/cve-2015-8277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02"
},
{
"name": "83334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-8277",
"datePublished": "2016-02-24T02:00:00",
"dateReserved": "2015-11-19T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5571
Vulnerability from cvelistv5
Published
2017-03-03 15:00
Modified
2024-08-05 15:04
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96028 | vdb-entry, x_refsource_BID | |
| https://support.citrix.com/article/CTX219885 | x_refsource_CONFIRM | |
| https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/ | x_refsource_CONFIRM | |
| https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/ | x_refsource_CONFIRM | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"name": "96028",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96028"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX219885"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-29T19:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"name": "96028",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96028"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX219885"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"name": "96028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96028"
},
{
"name": "https://support.citrix.com/article/CTX219885",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX219885"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5571",
"datePublished": "2017-03-03T15:00:00",
"dateReserved": "2017-01-23T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10395
Vulnerability from cvelistv5
Published
2017-06-15 16:00
Modified
2024-08-06 03:21
Severity ?
EPSS score ?
Summary
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Flexera Software LLC | FlexNet Publisher |
Version: Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:51.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlexNet Publisher",
"vendor": "Flexera Software LLC",
"versions": [
{
"status": "affected",
"version": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform"
}
]
}
],
"datePublic": "2017-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds memory read access leading to local user privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-29T19:57:02",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2016-10395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlexNet Publisher",
"version": {
"version_data": [
{
"version_value": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform"
}
]
}
}
]
},
"vendor_name": "Flexera Software LLC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds memory read access leading to local user privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2016-10395",
"datePublished": "2017-06-15T16:00:00",
"dateReserved": "2017-05-30T00:00:00",
"dateUpdated": "2024-08-06T03:21:51.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4135
Vulnerability from cvelistv5
Published
2012-01-19 19:00
Modified
2024-09-16 20:47
Severity ?
EPSS score ?
Summary
Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/45615 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-272/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/49191 | vdb-entry, x_refsource_BID | |
| http://www.flexerasoftware.com/pl/13057.htm | x_refsource_CONFIRM | |
| http://www.ibm.com/support/docview.wss?uid=swg21577760 | x_refsource_MISC | |
| http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/"
},
{
"name": "49191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49191"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.flexerasoftware.com/pl/13057.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21577760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/"
},
{
"name": "49191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49191"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.flexerasoftware.com/pl/13057.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21577760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45615"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/"
},
{
"name": "49191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49191"
},
{
"name": "http://www.flexerasoftware.com/pl/13057.htm",
"refsource": "CONFIRM",
"url": "http://www.flexerasoftware.com/pl/13057.htm"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21577760",
"refsource": "MISC",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21577760"
},
{
"name": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4135",
"datePublished": "2012-01-19T19:00:00Z",
"dateReserved": "2011-10-18T00:00:00Z",
"dateUpdated": "2024-09-16T20:47:46.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4134
Vulnerability from cvelistv5
Published
2012-01-19 19:00
Modified
2024-09-16 16:49
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200980&sliceId=1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/48927 | vdb-entry, x_refsource_BID | |
| http://www.flexerasoftware.com/pl/12982.htm | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-11-244/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200980\u0026sliceId=1"
},
{
"name": "48927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48927"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.flexerasoftware.com/pl/12982.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-244/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200980\u0026sliceId=1"
},
{
"name": "48927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48927"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.flexerasoftware.com/pl/12982.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-244/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200980\u0026sliceId=1",
"refsource": "CONFIRM",
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200980\u0026sliceId=1"
},
{
"name": "48927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48927"
},
{
"name": "http://www.flexerasoftware.com/pl/12982.htm",
"refsource": "CONFIRM",
"url": "http://www.flexerasoftware.com/pl/12982.htm"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-244/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-244/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4134",
"datePublished": "2012-01-19T19:00:00Z",
"dateReserved": "2011-10-18T00:00:00Z",
"dateUpdated": "2024-09-16T16:49:05.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-06-15 16:29
Modified
2024-11-21 02:43
Severity ?
Summary
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexerasoftware | flexnet_publisher | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27B21AC4-B047-470E-BE67-A503B6E935A9",
"versionEndIncluding": "11.14.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
},
{
"lang": "es",
"value": "En las versiones anteriores a Liton SP1 (11.14.1.1) de FlaxNet Publisher ejecutando FlaxNet Publisher Licensing Service en Windows, un error de limites relacionado al nombre de la tuber\u00eda dentro de el FlaxNet Publisher Licensing Service puede ser explotado provocando una lectura de memoria fuera de los l\u00edmites y consecuentemente ejecutar un c\u00f3digo aleatorio en los privilegios de SYSTEM."
}
],
"id": "CVE-2016-10395",
"lastModified": "2024-11-21T02:43:54.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-15T16:29:00.187",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vendorComments": [
{
"comment": "The vulnerability has been analyzed by us as to be exploitable through a locally authenticated user solely in this context. Thus, we assigned the following CVSS metrics and scores for the vulnerability with the CVE identifier CVE-2016-10395: \u003cbr /\u003e CVSS version 2: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C \u003cbr /\u003e CVSS version 3: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"lastModified": "2017-08-16T13:15:04.617",
"organization": "Flexera Software"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-19 19:55
Modified
2024-11-21 01:31
Severity ?
Summary
Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexerasoftware | flexnet_publisher | 11.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexerasoftware:flexnet_publisher:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7E37E7-9BE3-4BC7-B49E-8352530B2E74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet."
},
{
"lang": "es",
"value": "Un desbordamiento de buffer basado en memoria din\u00e1mica (mont\u00edculo) en lmadmin en Flexera FLEXnet Publisher v11.10 (tambi\u00e9n conocido como FlexNet License Server Manager) permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete 0x2f modificado."
}
],
"id": "CVE-2011-4134",
"lastModified": "2024-11-21T01:31:54.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-19T19:55:01.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200980\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.flexerasoftware.com/pl/12982.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/48927"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-244/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200980\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.flexerasoftware.com/pl/12982.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-244/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-19 19:55
Modified
2024-11-21 01:31
Severity ?
Summary
Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexerasoftware | flexnet_publisher | 11.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexerasoftware:flexnet_publisher:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7E37E7-9BE3-4BC7-B49E-8352530B2E74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en lmgrd en Flexera FLEXnet Publisher v11.10 (tambi\u00e9n conocido como FlexNet License Server Manager) permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con las operaciones de guardar, renombrar y carga en los archivos de registro. NOTA: este problema podr\u00eda superponerse a CVE-2011-1389."
}
],
"id": "CVE-2011-4135",
"lastModified": "2024-11-21T01:31:54.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-19T19:55:01.117",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45615"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.flexerasoftware.com/pl/13057.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21577760"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49191"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=Q200975\u0026sliceId=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.flexerasoftware.com/pl/13057.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21577760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-272/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-03 15:59
Modified
2024-11-21 03:27
Severity ?
Summary
Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexerasoftware | flexnet_publisher | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27B21AC4-B047-470E-BE67-A503B6E935A9",
"versionEndIncluding": "11.14.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en el componente lmadmin en Flexera FlexNet Publisher (tambi\u00e9n conocido como Flex License Manager) 11.14.1 y versiones anteriores, como se utiliza en Citrix License Server para Windows y el Citrix License Server VPX, permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2017-5571",
"lastModified": "2024-11-21T03:27:54.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-03T15:59:00.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96028"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX219885"
},
{
"source": "cve@mitre.org",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"source": "cve@mitre.org",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"source": "cve@mitre.org",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX219885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-24 03:59
Modified
2024-11-21 02:38
Severity ?
Summary
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexerasoftware | flexnet_publisher | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E7C3FB-F21B-45B4-8BF6-B276ED5EABB8",
"versionEndIncluding": "11.13.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en (1) lmgrd y (2) Vendor Daemon en Flexera FlexNet Publisher en versiones anteriores a 11.13.1.2 Security Update 1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete manipulado con c\u00f3digo de operaci\u00f3n (a) 0x107 o (b) 0x10a."
}
],
"id": "CVE-2015-8277",
"lastModified": "2024-11-21T02:38:13.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-24T03:59:00.133",
"references": [
{
"source": "cret@cert.org",
"url": "http://securitymumblings.blogspot.com/2016/02/cve-2015-8277.html"
},
{
"source": "cret@cert.org",
"url": "http://support.citrix.com/article/CTX207824"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/485744"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/83334"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id/1035266"
},
{
"source": "cret@cert.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02"
},
{
"source": "cret@cert.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05"
},
{
"source": "cret@cert.org",
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133"
},
{
"source": "cret@cert.org",
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec129.pdf"
},
{
"source": "cret@cert.org",
"url": "https://www.securifera.com/advisories/cve-2015-8277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitymumblings.blogspot.com/2016/02/cve-2015-8277.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX207824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/485744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec129.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.securifera.com/advisories/cve-2015-8277"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}