Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Reprise_license_manager
(Reprisesoftware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-09 | CVE-2022-28364 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. | Reprise_license_manager | 5.4 | ||
| 2022-04-09 | CVE-2022-28365 | Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | Reprise_license_manager | 5.3 | ||
| 2022-12-29 | CVE-2022-30519 | XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field. | Reprise_license_manager | 6.1 | ||
| 2023-01-20 | CVE-2021-37498 | An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. | Reprise_license_manager | 6.5 | ||
| 2023-01-20 | CVE-2021-37499 | CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. | Reprise_license_manager | 6.5 | ||
| 2023-01-20 | CVE-2021-37500 | Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server. | Reprise_license_manager | 8.1 | ||
| 2024-02-03 | CVE-2023-44031 | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | Reprise_license_manager | 7.5 | ||
| 2021-12-13 | CVE-2021-44152 | An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account. | Reprise_license_manager | 9.8 |