How severe is CVE-2018-20033?

CVE-2018-20033 has a severity rating of 9.8, which is considered critical.

Which software versions are affected by CVE-2018-20033?

FlexNet Publisher version 11.16.1.0 and earlier, as well as Oracle Communications Lsms versions 13.1 to 13.4 are affected.

Are there any references available for CVE-2018-20033?

Yes, you can find references for CVE-2018-20033 at the following URLs: http://www.securityfocus.com/bid/109155, https://secuniaresearch.flexerasoftware.com/advisories/85979/, and https://www.oracle.com/security-alerts/cpuoct2021.html.

Vulnerability/
CVE-2018-20033

critical

9.8

CWE

770

25/2/2019

17/9/2024

CVE-2018-20033

Q: What is CVE-2018-20033?

CVE-2018-20033 is a Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier.

Q: How can a remote attacker exploit CVE-2018-20033?

A remote attacker can exploit CVE-2018-20033 by corrupting the memory, allocating / deallocating memory, loading lmgrd or the vendor daemon, and causing a heartbeat issue between lmgrd and the vendor daemon.

First published: Mon Feb 25 2019(Updated: )

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

Credit: PSIRT-CNA@flexerasoftware.com

Affected Software	Affected Version	How to fix
Flexera FlexNet Publisher	<=11.16.1.0
Oracle Communications LSMS	>=13.1<=13.4

Remedy

https://www.oracle.com/security-alerts/cpuoct2021.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-20033?
CVE-2018-20033 is a Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier.
How severe is CVE-2018-20033?
CVE-2018-20033 has a severity rating of 9.8, which is considered critical.
Which software versions are affected by CVE-2018-20033?
FlexNet Publisher version 11.16.1.0 and earlier, as well as Oracle Communications Lsms versions 13.1 to 13.4 are affected.
How can a remote attacker exploit CVE-2018-20033?
A remote attacker can exploit CVE-2018-20033 by corrupting the memory, allocating / deallocating memory, loading lmgrd or the vendor daemon, and causing a heartbeat issue between lmgrd and the vendor daemon.
Are there any references available for CVE-2018-20033?
Yes, you can find references for CVE-2018-20033 at the following URLs: http://www.securityfocus.com/bid/109155, https://secuniaresearch.flexerasoftware.com/advisories/85979/, and https://www.oracle.com/security-alerts/cpuoct2021.html.

agent/type
agent/softwarecombine
agent/remedy
agent/author
agent/severity
agent/weakness
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/flexera
canonical/flexera flexnet publisher
version/flexera flexnet publisher/11.16.1.0
vendor/oracle
canonical/oracle communications lsms
version/oracle communications lsms/13.1
version/oracle communications lsms/13.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.