Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM78D14C1110DC19B3DB9A8EC9C4A523FEBBD742254F056EA9EF78CBA619269DC2
HistoryMay 02, 2019 - 4:35 p.m.

Security Bulletin: Security vulnerability in FlexNet Publisher affects IBM Rational License Key Server

2019-05-0216:35:01
www.ibm.com
6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

A security vulnerability in FlexNet Publisher from Flexera, used by IBM Rational License Key Server has been published. Required remediation has been addressed by IBM Rational License Key Server team.

Vulnerability Details

CVEID: CVE-2018-20033 DESCRIPTION: Flexera Software FlexNet Publisher could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the lmgrd and vendor daemon components. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system and cause the vendor daemon to stop.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158461 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

  • IBM Rational License Key Server version 8.1.4
  • IBM Rational License Key Server version 8.1.5

Remediation/Fixes

Upgrade to the IBM Rational License Key Server version 8.1.6. It can be downloaded here.

Workarounds and Mitigations

None

Related

prion 1
cve 1
nessus 1
hp 1
ics 3
oracle 1
prion
prion
Remote code execution
2019-02-25 20:29:00
cve
cve
CVE-2018-20033
2019-02-25 20:29:00
nessus
nessus
Flexera FlexNet Publisher < 11.16.2 Multiple Vulnerabilities
2019-08-26 00:00:00
hp
hp
HP Security Manager - Potential Remote Code Execution and Denial of Service
2021-09-27 00:00:00
ics
ics
Flexera FlexNet Publisher
2019-11-19 12:00:00
AVEVA Vijeo Citect and Citect SCADA Floating License Manager
2019-07-11 12:00:00
Schneider Electric Floating License Manager
2019-07-11 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for 78D14C1110DC19B3DB9A8EC9C4A523FEBBD742254F056EA9EF78CBA619269DC2
prion1cve1nessus1hp1ics3oracle1