CVE-2019-8960

EPSS 0.39%
Veröffentlicht 21.04.2020 15:15:14
Zuletzt bearbeitet 21.11.2024 04:50:44
Quelle PSIRT-CNA@flexerasoftware.com
CVE-Watchlists
Login
Unerledigt
Login

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flexera ≫ Flexnet Publisher Version11.16.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.57

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-8960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-8960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-8960

EUVD