Lucene search
K

Reprise License Manager 14.2 - Information Disclosure

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 25 Views

Reprise License Manager 14.2 information disclosure via GET reques

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure Vulnerabilities
8 Apr 202200:00
zdt
ATTACKERKB
CVE-2022-28365
9 Apr 202217:15
attackerkb
Circl
CVE-2022-28365
9 Apr 202220:14
circl
CNNVD
Reprise Software Reprise License Manager 跨站脚本漏洞
9 Apr 202200:00
cnnvd
CVE
CVE-2022-28365
9 Apr 202200:00
cve
Cvelist
CVE-2022-28365
9 Apr 202200:00
cvelist
NVD
CVE-2022-28365
9 Apr 202217:15
nvd
OSV
CVE-2022-28365
9 Apr 202217:15
osv
Packet Storm
Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure
8 Apr 202200:00
packetstorm
Prion
Information disclosure
9 Apr 202217:15
prion
Rows per page
id: CVE-2022-28365

info:
  name: Reprise License Manager 14.2 - Information Disclosure
  author: Akincibor
  severity: medium
  description: |
    Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. An attacker can possibly obtain further sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to gain sensitive information.
  remediation: |
    Apply the latest security patch or upgrade to a non-vulnerable version of Reprise License Manager.
  reference:
    - https://www.reprisesoftware.com/products/software-license-management.php
    - https://github.com/advisories/GHSA-4g2v-6x25-vr7p
    - http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-28365
    - https://www.reprisesoftware.com/RELEASE_NOTES
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-28365
    cwe-id: CWE-425
    epss-score: 0.08359
    epss-percentile: 0.94284
    cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: reprisesoftware
    product: reprise_license_manager
    shodan-query:
      - http.html:"reprise license"
      - http.html:"reprise license manager"
    fofa-query:
      - body="reprise license manager"
      - body="reprise license"
    google-query: inurl:"/goforms/menu"
  tags: cve,cve2022,rlm,packetstorm,exposure,reprisesoftware,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/goforms/rlminfo"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "RLM Version"
          - "Platform type"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ed83765d41665a36ffc85749f2ba0103520017d8b417543c43f35bd477824525022056ac8906ca263e5b185b9bf0e5aa4062402b272d1df7cd7c33e714ce373f6bef:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 25
CVSS 3.15.3
EPSS0.08359
25