Login Sign Up

CVE-2019-8963

7.5 HIGH
Denial of Service

📋 TL;DR

CVE-2019-8963 is a Denial of Service vulnerability in FlexNet Publisher's lmadmin web interface. Attackers can crash the service by sending a specially crafted POST request, disrupting license management functionality. Organizations using FlexNet Publisher lmadmin version 11.16.5 are affected.

💻 Affected Systems

Products:
  • FlexNet Publisher lmadmin
Versions: 11.16.5
Operating Systems: All platforms running FlexNet Publisher
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the web-based administration interface of lmadmin. The vulnerability is in how the web server processes POST requests.

📦 What is this software?

Flexnet Publisher by Flexera

View all CVEs affecting Flexnet Publisher →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of license management services, preventing software licensing operations and potentially affecting business-critical applications that rely on FlexNet licensing.

🟠

Likely Case

Temporary service outage of the lmadmin web interface requiring service restart, causing licensing administration disruptions.

🟢

If Mitigated

Minimal impact with proper network segmentation and access controls limiting who can reach the vulnerable interface.

🌐 Internet-Facing: HIGH - The vulnerability affects a web interface that could be exposed to the internet, allowing remote attackers to trigger DoS.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to disrupt licensing services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending a crafted POST request to the lmadmin web interface, which is relatively simple to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.16.5.1 and later

Vendor Advisory: https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8963-Remediated-in-FlexNet-Publisher/ta-p/148768

Restart Required: Yes

Instructions:

1. Download the patched version from Flexera support portal. 2. Backup current configuration. 3. Stop lmadmin service. 4. Install the update. 5. Restart lmadmin service. 6. Verify service functionality.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to the lmadmin web interface to only trusted administrative networks.

Use firewall rules to limit access to lmadmin port (typically 27000 or configured port)

Disable Web Interface

all

Temporarily disable the web-based administration interface if not required.

Modify lmadmin configuration to disable web interface or block the web port

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the lmadmin server from untrusted networks
  • Deploy a web application firewall (WAF) in front of the lmadmin interface to filter malicious requests

🔍 How to Verify

Check if Vulnerable:

Check if lmadmin version is 11.16.5 by examining the service version or installation directory.

Check Version:

Check lmadmin version through the web interface or service logs, or examine installation files.

Verify Fix Applied:

Verify lmadmin version is 11.16.5.1 or later and test the web interface functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected lmadmin service crashes
  • Multiple POST requests causing service termination
  • Error logs indicating malformed requests

Network Indicators:

  • Multiple POST requests to lmadmin web interface from single source
  • Unusual traffic patterns to lmadmin port

SIEM Query:

source="lmadmin" AND (event="crash" OR event="terminated") OR (http_method="POST" AND dest_port="lmadmin_port" AND pattern="malformed")

📊 Metadata

CVE ID: CVE-2019-8963
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: March 29, 2023
Last Updated: February 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON