ID

VAR-201903-1615


CVE

CVE-2018-20031


TITLE

FlexNet Publisher Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015040

DESCRIPTION

A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable

Trust: 1.89

sources: NVD: CVE-2018-20031 // JVNDB: JVNDB-2018-015040 // BID: 109155

AFFECTED PRODUCTS

vendor:flexeramodel:flexnet publisherscope:lteversion:11.16.1.0

Trust: 1.8

vendor:oraclemodel:communications lsmsscope:lteversion:13.4

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:gteversion:13.1

Trust: 1.0

vendor:schneider electricmodel:floating license managerscope:eqversion:1.4

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.3

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.2

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.1

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:2.3.0.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:2.2.0.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:neversion:2.3.1.0

Trust: 0.3

sources: BID: 109155 // JVNDB: JVNDB-2018-015040 // NVD: CVE-2018-20031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20031
value: HIGH

Trust: 1.0

NVD: CVE-2018-20031
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-819
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-20031
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-20031
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-20031
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-015040 // CNNVD: CNNVD-201903-819 // NVD: CVE-2018-20031

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2018-015040 // NVD: CVE-2018-20031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-819

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-819

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015040

PATCH

title:SA85979url:https://secuniaresearch.flexerasoftware.com/advisories/85979/

Trust: 0.8

title:Flexera Software FlexNet Publisher Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90308

Trust: 0.6

sources: JVNDB: JVNDB-2018-015040 // CNNVD: CNNVD-201903-819

EXTERNAL IDS

db:NVDid:CVE-2018-20031

Trust: 2.7

db:BIDid:109155

Trust: 1.9

db:ICS CERTid:ICSA-19-192-07

Trust: 1.7

db:SECUNIAid:85979

Trust: 1.6

db:ICS CERTid:ICSA-19-192-05

Trust: 1.4

db:ICS CERTid:ICSA-19-323-01

Trust: 1.4

db:JVNDBid:JVNDB-2018-015040

Trust: 0.8

db:AUSCERTid:ESB-2019.4384

Trust: 0.6

db:AUSCERTid:ESB-2019.3621

Trust: 0.6

db:AUSCERTid:ESB-2019.2582

Trust: 0.6

db:CNNVDid:CNNVD-201903-819

Trust: 0.6

sources: BID: 109155 // JVNDB: JVNDB-2018-015040 // CNNVD: CNNVD-201903-819 // NVD: CVE-2018-20031

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-192-07

Trust: 2.3

url:http://www.securityfocus.com/bid/109155

Trust: 2.2

url:https://secuniaresearch.flexerasoftware.com/advisories/85979/

Trust: 1.6

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-323-01

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-192-05

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-20031

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20031

Trust: 0.8

url:https://support.citrix.com/article/ctx261963

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4384/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3621/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2582/

Trust: 0.6

url:www.controlmicrosystems.com

Trust: 0.3

sources: BID: 109155 // JVNDB: JVNDB-2018-015040 // CNNVD: CNNVD-201903-819 // NVD: CVE-2018-20031

CREDITS

Schneider Electric

Trust: 0.9

sources: BID: 109155 // CNNVD: CNNVD-201903-819

SOURCES

db:BIDid:109155
db:JVNDBid:JVNDB-2018-015040
db:CNNVDid:CNNVD-201903-819
db:NVDid:CVE-2018-20031

LAST UPDATE DATE

2024-08-14T14:04:30.912000+00:00


SOURCES UPDATE DATE

db:BIDid:109155date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2018-015040date:2019-11-20T00:00:00
db:CNNVDid:CNNVD-201903-819date:2022-04-12T00:00:00
db:NVDid:CVE-2018-20031date:2022-04-11T20:41:16.580

SOURCES RELEASE DATE

db:BIDid:109155date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2018-015040date:2019-04-22T00:00:00
db:CNNVDid:CNNVD-201903-819date:2019-03-21T00:00:00
db:NVDid:CVE-2018-20031date:2019-03-21T21:29:00.310