Sign-up

ID

VAR-201903-1615


CVE

CVE-2018-20031


TITLE

FlexNet Publisher Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015040

DESCRIPTION

A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable

Trust: 1.89

sources: NVD: CVE-2018-20031 // JVNDB: JVNDB-2018-015040 // BID: 109155

AFFECTED PRODUCTS

vendor:flexeramodel:flexnet publisherscope:lteversion:11.16.1.0

Trust: 1.8

vendor:oraclemodel:communications lsmsscope:lteversion:13.4

Trust: 1.0

vendor:oraclemodel:communications lsmsscope:gteversion:13.1

Trust: 1.0

vendor:schneider electricmodel:floating license managerscope:eqversion:1.4

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.3

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.2

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.1

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:1.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:2.3.0.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:eqversion:2.2.0.0

Trust: 0.3

vendor:schneider electricmodel:floating license managerscope:neversion:2.3.1.0

Trust: 0.3

sources: BID: 109155 // JVNDB: JVNDB-2018-015040 // NVD: CVE-2018-20031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20031
value: HIGH

Trust: 1.0

NVD: CVE-2018-20031
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-819
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-20031
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-20031
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-20031
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-015040 // CNNVD: CNNVD-201903-819 // NVD: CVE-2018-20031

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2018-015040 // NVD: CVE-2018-20031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-819

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-819

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015040

PATCH
title:SA85979url:https://secuniaresearch.flexerasoftware.com/advisories/85979/
Trust: 0.8
title:Flexera Software FlexNet Publisher Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90308
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015040 // 
            
            
            
            CNNVD: CNNVD-201903-819

EXTERNAL IDS
db:NVDid:CVE-2018-20031
Trust: 2.7
db:BIDid:109155
Trust: 1.9
db:ICS CERTid:ICSA-19-192-07
Trust: 1.7
db:SECUNIAid:85979
Trust: 1.6
db:ICS CERTid:ICSA-19-192-05
Trust: 1.4
db:ICS CERTid:ICSA-19-323-01
Trust: 1.4
db:JVNDBid:JVNDB-2018-015040
Trust: 0.8
db:AUSCERTid:ESB-2019.4384
Trust: 0.6
db:AUSCERTid:ESB-2019.3621
Trust: 0.6
db:AUSCERTid:ESB-2019.2582
Trust: 0.6
db:CNNVDid:CNNVD-201903-819
Trust: 0.6
sources:
            
            
            BID: 109155 // 
            
            
            
            JVNDB: JVNDB-2018-015040 // 
            
            
            
            CNNVD: CNNVD-201903-819 // 
            
            
            
            NVD: CVE-2018-20031

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-192-07
Trust: 2.3
url:http://www.securityfocus.com/bid/109155
Trust: 2.2
url:https://secuniaresearch.flexerasoftware.com/advisories/85979/
Trust: 1.6
url:https://www.oracle.com/security-alerts/cpuoct2021.html
Trust: 1.6
url:https://www.us-cert.gov/ics/advisories/icsa-19-323-01
Trust: 1.4
url:https://www.us-cert.gov/ics/advisories/icsa-19-192-05
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2018-20031
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20031
Trust: 0.8
url:https://support.citrix.com/article/ctx261963
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4384/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3621/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2582/
Trust: 0.6
url:www.controlmicrosystems.com
Trust: 0.3
sources:
            
            
            BID: 109155 // 
            
            
            
            JVNDB: JVNDB-2018-015040 // 
            
            
            
            CNNVD: CNNVD-201903-819 // 
            
            
            
            NVD: CVE-2018-20031

CREDITS
Schneider Electric
Trust: 0.9
sources:
            
            
            BID: 109155 // 
            
            
            
            CNNVD: CNNVD-201903-819

SOURCES
db:BIDid:109155
db:JVNDBid:JVNDB-2018-015040
db:CNNVDid:CNNVD-201903-819
db:NVDid:CVE-2018-20031

LAST UPDATE DATE
2024-08-14T14:04:30.912000+00:00

SOURCES UPDATE DATE
db:BIDid:109155date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2018-015040date:2019-11-20T00:00:00
db:CNNVDid:CNNVD-201903-819date:2022-04-12T00:00:00
db:NVDid:CVE-2018-20031date:2022-04-11T20:41:16.580

SOURCES RELEASE DATE
db:BIDid:109155date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2018-015040date:2019-04-22T00:00:00
db:CNNVDid:CNNVD-201903-819date:2019-03-21T00:00:00
db:NVDid:CVE-2018-20031date:2019-03-21T21:29:00.310