CVE-2019-8960 Information

Feb 14, 2021 cve

Description

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can given a certain message call itself again and then wait for a further message. With a particular flag set in the original message but no second message received the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5

Share on: