Lucene search
K

66 matches found

Prion
Prion
added 2023/01/20 12:15 p.m.8 views

Crlf injection

CRLF vulnerability in Reprise License Manager RLM web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers...

4.3CVSS6.7AI score0.00691EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/01/20 12:0 a.m.24 views

CVE-2021-37500

Directory traversal vulnerability in Reprise License Manager RLM web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server...

8.2AI score0.00973EPSS
Exploits0References1
CVE
CVE
added 2023/01/20 12:0 a.m.53 views

CVE-2021-37498

CVE-2021-37498 describes a server-side request forgery (SSRF) in the Reprise License Manager (RLM) web interface (up to version 14.2BL4 and prior). The vulnerability allows remote attackers to trigger outbound requests to intranet servers and perform port scanning via the actserver parameter in t...

6.5CVSS6.5AI score0.00594EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/20 12:0 a.m.58 views

CVE-2021-37500

The CVE-2021-37500 issue affects Reprise License Manager (RLM) web interface prior to version 14.2BL4. A directory traversal flaw in the diagnostics function allows RLM users with sufficient privileges to overwrite any file on the server. Impact is server file overwrite (high) with network access...

8.1CVSS8AI score0.00973EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/20 12:0 a.m.61 views

CVE-2021-37499

The CVE-2021-37499 entry describes a CRLF injection vulnerability in Reprise License Manager (RLM) web interface up to version 14.2BL4, located in the password parameter of the View License Result function. The underlying issue is unsanitized user input that allows remote attackers to inject arbi...

6.5CVSS6.6AI score0.00691EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/12/29 11:15 p.m.5 views

CVE-2022-30519

XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field...

6.1CVSS6AI score0.02527EPSS
Exploits4References2
Prion
Prion
added 2022/12/29 11:15 p.m.14 views

Code injection

XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field...

5.8CVSS6.3AI score0.02527EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2022/12/29 12:0 a.m.40 views

CVE-2022-30519

XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field...

6.5AI score0.02527EPSS
Exploits4References2
CVE
CVE
added 2022/12/29 12:0 a.m.70 views

CVE-2022-30519

CVE-2022-30519 affects Reprise Software RLM License Administration v14.2BL4. The issue is an XSS in the signing form’s password field that allows a remote attacker to inject arbitrary code. Exploitation details and PoCs are present in connected sources (e.g., exploit-db/packetstorm). The document...

6.1CVSS6.3AI score0.02527EPSS
Exploits4References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/29 12:0 a.m.4 views

PT-2022-20156 · Reprise · Reprise Software Rlm License Administration

Name of the Vulnerable Software and Affected Versions: Reprise Software RLM License Administration version 14.2BL4 Description: The issue allows a remote attacker to inject arbitrary code via the password field in the signing form, potentially leading to code execution. Recommendations: For Repri...

6.1CVSS7.8AI score0.02527EPSS
Exploits4References7
Vulnrichment
Vulnrichment
added 2022/12/29 12:0 a.m.5 views

CVE-2022-30519

XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field...

6.7AI score0.02527EPSS
Exploits4References2
0day.today
0day.today
added 2022/01/13 12:0 a.m.273 views

RLM 14.2 Cross Site Scripting Vulnerability

Product: RLM 14.2 Vendor: Reprise Software CVE ID: CVE-2021-45422 Vulnerability Title: Reflected Cross-Site Scripting Severity: Medium Authors: Giulia Melotti Garibaldi Introduction: An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected by a reflected...

6.1CVSS6.4AI score0.03241EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/01/13 12:0 a.m.367 views

RLM 14.2 Cross Site Scripting

Product: RLM 14.2 Vendor: Reprise Software CVE ID: CVE-2021-45422 Vulnerability Title: Reflected Cross-Site Scripting Severity: Medium Authors: Giulia Melotti Garibaldi Date: 2022-01-11 Introduction: An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected...

6.4AI score0.03241EPSS
Exploits3
OSV
OSV
added 2021/12/13 4:15 a.m.4 views

CVE-2021-44152

An issue was discovered in Reprise RLM 14.2. Because /goform/changepasswordprocess does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid user...

9.8CVSS7.3AI score0.58555EPSS
Exploits3References3
NVD
NVD
added 2021/12/13 4:15 a.m.15 views

CVE-2021-44152

An issue was discovered in Reprise RLM 14.2. Because /goform/changepasswordprocess does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid user...

9.8CVSS0.58555EPSS
Exploits3References3
NVD
NVD
added 2021/12/13 4:15 a.m.11 views

CVE-2021-44151

An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version the Linux version appears to have 8 characters. An attacker can obtain the static part of the cooki...

7.5CVSS0.02529EPSS
Exploits2References3
NVD
NVD
added 2021/12/13 4:15 a.m.12 views

CVE-2021-44153

An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or...

9CVSS0.02005EPSS
Exploits3References2
NVD
NVD
added 2021/12/13 4:15 a.m.25 views

CVE-2021-44155

An issue was discovered in /goform/loginprocess in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users...

5.3CVSS0.01846EPSS
Exploits3References3
NVD
NVD
added 2021/12/13 4:15 a.m.14 views

CVE-2021-44154

An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/editopt, which will then be triggered when running the diagnostics via /goform/diagnosticsdoit, resulting in a buffer overflow...

7.2CVSS0.0185EPSS
Exploits3References2
OSV
OSV
added 2021/12/13 4:15 a.m.3 views

CVE-2021-44151

An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version the Linux version appears to have 8 characters. An attacker can obtain the static part of the cooki...

7.5CVSS5.8AI score0.02529EPSS
Exploits2References3
Rows per page
Query Builder