CVE-2018-20033

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

Published: Feb 25, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-20033
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-770

Affected Software
References

Software	From	Fixed in
flexera / flexnet_publisher	-	11.16.1.0.x
oracle / communications_lsms	13.1	13.4.x

http://www.securityfocus.com/bid/109155
https://secuniaresearch.flexerasoftware.com/advisories/85979/
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerability Database

289,599

CVE-2018-20033