CVE-2021-44152 – Reprise License Manager 14.2 Unauthenticated Password Change
https://notcve.org/view.php?id=CVE-2021-44152
08 Dec 2021 — An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account. • http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html • CWE-306: Missing Authentication for Critical Function
CVE-2021-44155 – Reprise License Manager 14.2 User Enumeration
https://notcve.org/view.php?id=CVE-2021-44155
08 Dec 2021 — An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to log in, the response includes the string Login Failed if the username is valid, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. • http://packetstormsecurity.com/files/165182/Reprise-License-Manager-14.2-User-Enumeration.html • CWE-209: Generation of Error Message Containing Sensitive Information