Lucene search

[email protected]CVE-2021-44154

HistoryDec 13, 2021 - 4:15 a.m.

CVE-2021-44154

2021-12-1304:15:00

CWE-120

[email protected]

web.nvd.nist.gov

nvd

cve-2021-44154

reprise rlm

admin account

buffer overflow

security issue

diagnostics

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

41.4%

JSON

An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow.

CPENameOperatorVersion
reprisesoftware:reprise_license_managerreprisesoftware reprise license managereq14.2

CPE	Name	Operator	Version
reprisesoftware:reprise_license_manager	reprisesoftware reprise license manager	eq	14.2

References

packetstormsecurity.com/files/165193/Reprise-License-Manager-14.2-Buffer-Overflow.html

reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVE-2021-44154

prion1 zdt1 cnvd1 packetstorm1