Lucene search

[email protected]CVE-2021-37499

HistoryJan 20, 2023 - 12:15 p.m.

CVE-2021-37499

2023-01-2012:15:11

CWE-74

[email protected]

web.nvd.nist.gov

cve-2021-37499

crlf vulnerability

reprise license manager

rlm

web interface

remote attackers

http headers

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.

Affected configurations

NVD

Node

reprisesoftwarereprise_license_managerRange≤14.2bl4

CPENameOperatorVersion
reprisesoftware:reprise_license_managerreprisesoftware reprise license managerle14.2bl4

CPE	Name	Operator	Version
reprisesoftware:reprise_license_manager	reprisesoftware reprise license manager	le	14.2bl4

References

reprise.com

reprisesoftware.com

github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/README.md

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

Related for CVE-2021-37499

prion1 cvelist1 nvd1