CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — An SSRF issue was discovered in the Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers and conduct port scans via the actserver parameter in the License Activation function. • http://reprise.com • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — CRLF vulnerability in the Reprise License Manager (RLM) web interface through 14.2BL4, in the password parameter of the View License Result function, that allows remote attackers to inject arbitrary HTTP headers. • http://reprise.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — Directory traversal vulnerability in the Reprise License Manager (RLM) web interface before 14.2BL4, in the diagnostics function, that allows RLM users with sufficient privileges to overwrite any file on the server. • http://reprise.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 83% • CPEs: 1 • EXPL: 1

08 Dec 2021 — An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account. • http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html • CWE-306: Missing Authentication for Critical Function

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Aug 2018 — An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability." ** DISPUTED ** • http://seclists.org/fulldisclosure/2021/Dec/18 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Aug 2018 — An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability." ** DISPUTED ** • https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Feb 2018 — An issue was discovered in Reprise License Manager 11.0. This vulnerability is a path traversal in which the attacker, by changing a field in the web request, can access files on the server's file system. By specifying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file. • http://www.0x90.zone/web/path-traversal/2018/02/16/Path-Traversal-Reprise-LM.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')