Lucene search
K

9 matches found

NVD
NVD
added 2021/12/13 4:15 a.m.11 views

CVE-2021-44153

An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or...

9CVSS0.02005EPSS
Exploits3References2
OSV
OSV
added 2021/12/13 4:15 a.m.4 views

CVE-2021-44152

An issue was discovered in Reprise RLM 14.2. Because /goform/changepasswordprocess does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid user...

9.8CVSS7.3AI score0.58555EPSS
Exploits3References3
NVD
NVD
added 2021/12/13 4:15 a.m.11 views

CVE-2021-44151

An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version the Linux version appears to have 8 characters. An attacker can obtain the static part of the cooki...

7.5CVSS0.02529EPSS
Exploits2References3
NVD
NVD
added 2021/12/13 4:15 a.m.13 views

CVE-2021-44154

An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/editopt, which will then be triggered when running the diagnostics via /goform/diagnosticsdoit, resulting in a buffer overflow...

7.2CVSS0.0185EPSS
Exploits3References2
Prion
Prion
added 2021/12/13 4:15 a.m.12 views

Design/Logic Flaw

An issue was discovered in /goform/loginprocess in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users...

5CVSS5.2AI score0.01846EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2021/12/13 4:15 a.m.12 views

Cross site request forgery (csrf)

An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version the Linux version appears to have 8 characters. An attacker can obtain the static part of the cooki...

5CVSS7.5AI score0.02529EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2021/12/13 3:33 a.m.61 views

CVE-2021-44153

CVE-2021-44153 affects Reprise License Manager (RLM) 14.2. An admin user can enable an option while editing the license file to run arbitrary executables, demonstrated by the ISV entry using calc.exe. An attacker can exploit this to run a malicious binary on startup or when triggering the Reread/...

9CVSS7.6AI score0.02005EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2021/12/13 12:0 a.m.25 views

CVE-2021-44152

An issue was discovered in Reprise RLM 14.2. Because /goform/changepasswordprocess does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid user...

9.9AI score0.58555EPSS
Exploits3References3
Cvelist
Cvelist
added 2021/12/13 12:0 a.m.19 views

CVE-2021-44155

An issue was discovered in /goform/loginprocess in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users...

5.5AI score0.01846EPSS
Exploits3References3
Rows per page
Query Builder