CVE-2018-20033

{"id": "CVE-2018-20033", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-02-25T20:29:00.233", "references": [{"url": "http://www.securityfocus.com/bid/109155", "tags": ["Broken Link"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/", "tags": ["Not Applicable", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en los componentes de lmgrd y del demonio del fabricante en FlexNet Publisher, en versiones 11.16.1.0 y anteriores, podr\u00eda permitir que un atacante remoto corrompa la memoria asignando/desasignando memoria, cargando lmgrd o el demonio del fabricante y provocando que el latido entre lmgrd y el demonio del fabricante se detenga. Esto forzar\u00eda el cierre del demonio del fabricante. No se han demostrado explotaciones de esta vulnerabilidad."}], "lastModified": "2022-04-18T14:27:32.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C7C03AE-8A93-4E82-B1EC-CEB6C4402FDF", "versionEndIncluding": "11.16.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F", "versionEndIncluding": "13.4", "versionStartIncluding": "13.1"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}