Search criteria
7 vulnerabilities found for Floating License Manager by Schneider Electric
VAR-201402-0349
Vulnerability from variot - Updated: 2023-12-18 13:53Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Attackers can leverage this issue to gain escalated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0349",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "floating license manager",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "1.0.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "1.4.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "1.0.0 to 1.4.0"
},
{
"model": "electric floating license manager",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "1.0.0-1.4.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.3"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.2"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "floating license manager",
"version": "1.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "floating license manager",
"version": "1.4.0"
}
],
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:floating_license_manager:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:floating_license_manager:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "65873"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0759",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-0759",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2014-01407",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "302331f0-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-68252",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0759",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01407",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-479",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68252",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-0759",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. \nAttackers can leverage this issue to gain escalated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0759",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-058-01",
"trust": 3.5
},
{
"db": "BID",
"id": "65873",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-01407",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523",
"trust": 0.8
},
{
"db": "IVD",
"id": "302331F0-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68252",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0759",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
]
},
"id": "VAR-201402-0349",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
}
],
"trust": 1.4916666699999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
}
]
},
"last_update_date": "2023-12-18T13:53:23.945000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2014-015-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-015-01"
},
{
"title": "Patch for Schneider Electric Floating License Manager Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/44006"
},
{
"title": "",
"trust": 0.2,
"url": "https://github.com/ontothecloud/cwe-428 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-058-01"
},
{
"trust": 1.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-015-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0759"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0759"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/ontothecloud/cwe-428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "VULHUB",
"id": "VHN-68252"
},
{
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"db": "BID",
"id": "65873"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-04T00:00:00",
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"date": "2014-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68252"
},
{
"date": "2014-02-28T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"date": "2014-02-27T00:00:00",
"db": "BID",
"id": "65873"
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"date": "2014-02-28T06:18:54.260000",
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"date": "2014-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"date": "2014-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-68252"
},
{
"date": "2014-02-28T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0759"
},
{
"date": "2014-02-27T00:00:00",
"db": "BID",
"id": "65873"
},
{
"date": "2014-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001523"
},
{
"date": "2014-02-28T17:16:12.043000",
"db": "NVD",
"id": "CVE-2014-0759"
},
{
"date": "2014-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "65873"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Floating License Manager Privilege Escalation Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01407"
},
{
"db": "BID",
"id": "65873"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "302331f0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-479"
}
],
"trust": 0.8
}
}
VAR-201903-1614
Vulnerability from variot - Updated: 2023-12-18 12:28A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1614",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flexnet publisher",
"scope": "lte",
"trust": 1.8,
"vendor": "flexera",
"version": "11.16.1.0"
},
{
"model": "communications lsms",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "communications lsms",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.3"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.2"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.3.0.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.2.0.0"
},
{
"model": "floating license manager",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.3.1.0"
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"db": "NVD",
"id": "CVE-2018-20032"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.4",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric",
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
],
"trust": 0.9
},
"cve": "CVE-2018-20032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20032",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20032",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-20032",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-820",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"db": "NVD",
"id": "CVE-2018-20032"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities\nAttackers can exploit these issues to shut down the affected device, denying service to legitimate users. \nFloating License Manager version 2.3.0.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20032"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"db": "BID",
"id": "109155"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20032",
"trust": 2.7
},
{
"db": "BID",
"id": "109155",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-07",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "85979",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-323-01",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-05",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015041",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4384",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3621",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2582",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-820",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"db": "NVD",
"id": "CVE-2018-20032"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
]
},
"id": "VAR-201903-1614",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18333334
},
"last_update_date": "2023-12-18T12:28:25.174000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA85979",
"trust": 0.8,
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"title": "Flexera Software FlexNet Publisher Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90309"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"db": "NVD",
"id": "CVE-2018-20032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/109155"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-07"
},
{
"trust": 1.6,
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"trust": 1.6,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-323-01"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20032"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20032"
},
{
"trust": 0.6,
"url": "https://support.citrix.com/article/ctx261963"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4384/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3621/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2582/"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"db": "NVD",
"id": "CVE-2018-20032"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"db": "NVD",
"id": "CVE-2018-20032"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-11T00:00:00",
"db": "BID",
"id": "109155"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"date": "2019-03-21T21:29:00.357000",
"db": "NVD",
"id": "CVE-2018-20032"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-11T00:00:00",
"db": "BID",
"id": "109155"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015041"
},
{
"date": "2022-04-11T20:22:13.830000",
"db": "NVD",
"id": "CVE-2018-20032"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FlexNet Publisher Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015041"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-820"
}
],
"trust": 0.6
}
}
VAR-201903-1613
Vulnerability from variot - Updated: 2023-12-18 12:28A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1613",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flexnet publisher",
"scope": "lte",
"trust": 1.8,
"vendor": "flexera",
"version": "11.16.1.0"
},
{
"model": "communications lsms",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "communications lsms",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.3"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.2"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.3.0.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.2.0.0"
},
{
"model": "floating license manager",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.3.1.0"
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"db": "NVD",
"id": "CVE-2018-20034"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.4",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric",
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
],
"trust": 0.9
},
"cve": "CVE-2018-20034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20034",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20034",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-20034",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-821",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"db": "NVD",
"id": "CVE-2018-20034"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Denial of service (DoS) May be in a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities\nAttackers can exploit these issues to shut down the affected device, denying service to legitimate users. \nFloating License Manager version 2.3.0.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20034"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"db": "BID",
"id": "109155"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20034",
"trust": 2.7
},
{
"db": "BID",
"id": "109155",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-07",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "85979",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-05",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-323-01",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015042",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4384",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3621",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2582",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-821",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"db": "NVD",
"id": "CVE-2018-20034"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
]
},
"id": "VAR-201903-1613",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18333334
},
"last_update_date": "2023-12-18T12:28:25.201000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA85979",
"trust": 0.8,
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"title": "Flexera Software FlexNet Publisher Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90310"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"db": "NVD",
"id": "CVE-2018-20034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-07"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/109155"
},
{
"trust": 1.6,
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"trust": 1.6,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-323-01"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20034"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20034"
},
{
"trust": 0.6,
"url": "https://support.citrix.com/article/ctx261963"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4384/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3621/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2582/"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"db": "NVD",
"id": "CVE-2018-20034"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"db": "NVD",
"id": "CVE-2018-20034"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-11T00:00:00",
"db": "BID",
"id": "109155"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"date": "2019-03-21T21:29:00.403000",
"db": "NVD",
"id": "CVE-2018-20034"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-11T00:00:00",
"db": "BID",
"id": "109155"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015042"
},
{
"date": "2022-04-11T20:40:52.313000",
"db": "NVD",
"id": "CVE-2018-20034"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FlexNet Publisher Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015042"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-821"
}
],
"trust": 0.6
}
}
VAR-201902-0854
Vulnerability from variot - Updated: 2023-12-18 12:28A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated. FlexNet Publisher Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0854",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flexnet publisher",
"scope": "lte",
"trust": 1.8,
"vendor": "flexera",
"version": "11.16.1.0"
},
{
"model": "communications lsms",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "communications lsms",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.3"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.2"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.3.0.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.2.0.0"
},
{
"model": "floating license manager",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.3.1.0"
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"db": "NVD",
"id": "CVE-2018-20033"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.4",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20033"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric",
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
],
"trust": 0.9
},
"cve": "CVE-2018-20033",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-20033",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-20033",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-20033",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-907",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-20033",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-20033"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"db": "NVD",
"id": "CVE-2018-20033"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated. FlexNet Publisher Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities\nAttackers can exploit these issues to shut down the affected device, denying service to legitimate users. \nFloating License Manager version 2.3.0.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20033"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"db": "BID",
"id": "109155"
},
{
"db": "VULMON",
"id": "CVE-2018-20033"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20033",
"trust": 2.8
},
{
"db": "BID",
"id": "109155",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "85979",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-07",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-05",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-323-01",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014650",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4384",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3621",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1146",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2582",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-907",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-20033",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-20033"
},
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"db": "NVD",
"id": "CVE-2018-20033"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
]
},
"id": "VAR-201902-0854",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18333334
},
"last_update_date": "2023-12-18T12:28:25.144000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA85979",
"trust": 0.8,
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"title": "Flexera Software FlexNet Publisher lmgrd and vendor daemon Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89642"
},
{
"title": "IBM: IBM Security Bulletin: Security vulnerability in FlexNet Publisher affects IBM Rational License Key Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=18a5bc40ab87d26b3b0190a947f7a33f"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-20033"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"db": "NVD",
"id": "CVE-2018-20033"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/109155"
},
{
"trust": 1.7,
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-07"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-323-01"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20033"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20033"
},
{
"trust": 0.6,
"url": "https://support.citrix.com/article/ctx261963"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4384/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78450"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10879027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3621/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2582/"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59717"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-20033"
},
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"db": "NVD",
"id": "CVE-2018-20033"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-20033"
},
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"db": "NVD",
"id": "CVE-2018-20033"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20033"
},
{
"date": "2019-07-11T00:00:00",
"db": "BID",
"id": "109155"
},
{
"date": "2019-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"date": "2019-02-25T20:29:00.233000",
"db": "NVD",
"id": "CVE-2018-20033"
},
{
"date": "2019-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20033"
},
{
"date": "2019-07-11T00:00:00",
"db": "BID",
"id": "109155"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014650"
},
{
"date": "2022-04-18T14:27:32.357000",
"db": "NVD",
"id": "CVE-2018-20033"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FlexNet Publisher Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014650"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-907"
}
],
"trust": 0.6
}
}
VAR-201903-1615
Vulnerability from variot - Updated: 2023-12-18 12:28A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1615",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flexnet publisher",
"scope": "lte",
"trust": 1.8,
"vendor": "flexera",
"version": "11.16.1.0"
},
{
"model": "communications lsms",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "communications lsms",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.4"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.3"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.2"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.1"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "1.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.3.0.0"
},
{
"model": "floating license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.2.0.0"
},
{
"model": "floating license manager",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2.3.1.0"
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"db": "NVD",
"id": "CVE-2018-20031"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.4",
"versionStartIncluding": "13.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20031"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric",
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
],
"trust": 0.9
},
"cve": "CVE-2018-20031",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20031",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20031",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-20031",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-819",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"db": "NVD",
"id": "CVE-2018-20031"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. FlexNet Publisher Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Floating License Manager is prone to multiple security vulnerabilities\nAttackers can exploit these issues to shut down the affected device, denying service to legitimate users. \nFloating License Manager version 2.3.0.0 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20031"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"db": "BID",
"id": "109155"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20031",
"trust": 2.7
},
{
"db": "BID",
"id": "109155",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-07",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "85979",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-192-05",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-323-01",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015040",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4384",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3621",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2582",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-819",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"db": "NVD",
"id": "CVE-2018-20031"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
]
},
"id": "VAR-201903-1615",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18333334
},
"last_update_date": "2023-12-18T12:28:25.229000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA85979",
"trust": 0.8,
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"title": "Flexera Software FlexNet Publisher Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90308"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"db": "NVD",
"id": "CVE-2018-20031"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-07"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/109155"
},
{
"trust": 1.6,
"url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
},
{
"trust": 1.6,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-323-01"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20031"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20031"
},
{
"trust": 0.6,
"url": "https://support.citrix.com/article/ctx261963"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4384/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3621/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2582/"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
}
],
"sources": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"db": "NVD",
"id": "CVE-2018-20031"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "109155"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"db": "NVD",
"id": "CVE-2018-20031"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-11T00:00:00",
"db": "BID",
"id": "109155"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"date": "2019-03-21T21:29:00.310000",
"db": "NVD",
"id": "CVE-2018-20031"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-11T00:00:00",
"db": "BID",
"id": "109155"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015040"
},
{
"date": "2022-04-11T20:41:16.580000",
"db": "NVD",
"id": "CVE-2018-20031"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FlexNet Publisher Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015040"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-819"
}
],
"trust": 0.6
}
}
CVE-2014-0759 (GCVE-0-2014-0759)
Vulnerability from cvelistv5 – Published: 2014-02-28 02:00 – Updated: 2025-09-19 18:52
VLAI?
Title
Schneider Electric Floating License Manager Unquoted Search Path or Element
Summary
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | Floating License Manager |
Affected:
V1.0.0 , ≤ V1.4.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Floating License Manager",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "V1.4.0",
"status": "affected",
"version": "V1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2014-02-27T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.\u003c/p\u003e"
}
],
"value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:52:00.207Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDeployment of the Schneider Electric products using the vulnerable \nfloating license manager are designed to be automatically updated via \nthe Schneider Electric Software Update system.\u003c/p\u003e\n\u003cp\u003eSchneider Electric\u2019s latest download patches and known vulnerabilities are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Deployment of the Schneider Electric products using the vulnerable \nfloating license manager are designed to be automatically updated via \nthe Schneider Electric Software Update system.\n\n\nSchneider Electric\u2019s latest download patches and known vulnerabilities are available here:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page"
}
],
"source": {
"advisory": "ICSA-14-058-01",
"discovery": "INTERNAL"
},
"title": "Schneider Electric Floating License Manager Unquoted Search Path or Element",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01"
},
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0759",
"datePublished": "2014-02-28T02:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:52:00.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0759 (GCVE-0-2014-0759)
Vulnerability from nvd – Published: 2014-02-28 02:00 – Updated: 2025-09-19 18:52
VLAI?
Title
Schneider Electric Floating License Manager Unquoted Search Path or Element
Summary
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | Floating License Manager |
Affected:
V1.0.0 , ≤ V1.4.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Floating License Manager",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "V1.4.0",
"status": "affected",
"version": "V1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2014-02-27T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.\u003c/p\u003e"
}
],
"value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:52:00.207Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-058-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDeployment of the Schneider Electric products using the vulnerable \nfloating license manager are designed to be automatically updated via \nthe Schneider Electric Software Update system.\u003c/p\u003e\n\u003cp\u003eSchneider Electric\u2019s latest download patches and known vulnerabilities are available here:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\"\u003ehttp://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Deployment of the Schneider Electric products using the vulnerable \nfloating license manager are designed to be automatically updated via \nthe Schneider Electric Software Update system.\n\n\nSchneider Electric\u2019s latest download patches and known vulnerabilities are available here:\n\n\n http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cybersecurity.page"
}
],
"source": {
"advisory": "ICSA-14-058-01",
"discovery": "INTERNAL"
},
"title": "Schneider Electric Floating License Manager Unquoted Search Path or Element",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01"
},
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0759",
"datePublished": "2014-02-28T02:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:52:00.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}