CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37498
https://notcve.org/view.php?id=CVE-2021-37498
20 Jan 2023 — An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. • http://reprise.com • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37499
https://notcve.org/view.php?id=CVE-2021-37499
20 Jan 2023 — CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. • http://reprise.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37500
https://notcve.org/view.php?id=CVE-2021-37500
20 Jan 2023 — Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server. • http://reprise.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28363 – Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2022-28363
08 Apr 2022 — Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. Reprise License Manager versión 14.2, está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el parámetro /goform/login_process username por medio de GET. No es requerida autenticación Reprise License Manager version 14.2 suffers from cross site scripting and information disclosure vulnerabilitie... • http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28364 – Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2022-28364
08 Apr 2022 — Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. Reprise License Manager versión 14.2 está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el parámetro de archivo /goform/rlmswitchr_process por medio de GET. Es requerida autenticación Reprise License Manager version 14.2 suffers from cross site scripting and information disclosure vulnerabiliti... • http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 5%CPEs: 1EXPL: 2CVE-2022-28365 – Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2022-28365
08 Apr 2022 — Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. Reprise License Manager versión 14.2, está afectado por una vulnerabilidad de divulgación de información por medio de una petición GET a /goforms/rlminfo. No es requerida autenticación. • http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45422 – RLM 14.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-45422
13 Jan 2022 — Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required. Reprise License Manager versión 14.2, está afectado por una vulnerabilidad de tipo cross-site scripting reflejado en el parámetro /goform/activate_process "count" por medio de GET. No es requerida autenticación RLM version 14.2 suffers from a cross site scripting vulnerability. • http://reprise.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44153 – Reprise License Manager 14.2 Remote Binary Execution
https://notcve.org/view.php?id=CVE-2021-44153
08 Dec 2021 — An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.) Se ha detectado un problema ... • http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44154 – Reprise License Manager 14.2 Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-44154
08 Dec 2021 — An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow. Se ha detectado un problema en Reprise RLM versión 14.2. Al usar una cuenta de administrador, un atacante puede escribir una carga útil en /goform/edit_opt, que luego será desencadenada al ejecutar los diagnósticos (por medio de /goform/diagnostics_doit), resultand... • http://packetstormsecurity.com/files/165193/Reprise-License-Manager-14.2-Buffer-Overflow.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44151 – Reprise License Manager 14.2 Session Hijacking
https://notcve.org/view.php?id=CVE-2021-44151
08 Dec 2021 — An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to ... • http://packetstormsecurity.com/files/165191/Reprise-License-Manager-14.2-Session-Hijacking.html • CWE-330: Use of Insufficiently Random Values •