CVE-2019-8960: A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message readin...

Description

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

1.28%

66.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-754

Affected Software

Vendor	Product	Versions
Flexera	Flexnet Publisher	11.16.2

References

Timeline

Published: Apr 21, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-8960?

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.

How severe is CVE-2019-8960?

CVE-2019-8960 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.28% probability of exploitation in the next 30 days.

How do I fix CVE-2019-8960?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.