Reprise License Manager (RLM) Multiple Vulnerabilities

############################################################

[CVE-2021-37498] Server-side Request Forgery (SSRF)
- Description: An SSRF issue was discovered in the Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote authenticated attackers to trigger outbound requests to intranet servers and conduct port scans via the actserver parameter in the License Activation function.
- Vulnerability Type: Server-Side Request Forgery (SSRF)
- Vendor of Product: RepriseSoftware
- Affected Product Code Base: Reprise License Manager through 14.2BL4
- Attack Type: Remote
- Author: Blakduk
- Reference:
https://reprise.com
https://www.reprisesoftware.com/

############################################################

[CVE-2021-37499] CRLF Injection
- Description: A CRLF injection vulnerability in the Reprise License Manager (RLM) web interface through 14.2BL4, in the password parameter of the View License function, allows remote attackers to inject arbitrary HTTP headers.
- Vulnerability Type: CRLF Injection
- Vendor of Product: RepriseSoftware
- Affected Product Code Base: Reprise License Manager through 14.2BL4
- Attack Type: Remote
- Author: Blakduk
- Reference:
https://reprise.com
https://www.reprisesoftware.com/

############################################################

[CVE-2021-37500] Directory Traversal
- Description: A directory traversal vulnerability in the diagnostics function of the Reprise License Manager (RLM) web interface before 14.2BL4 allows RLM users with sufficient privileges to overwrite any file on the server.
- Vulnerability Type: Directory Traversal
- Vendor of Product: RepriseSoftware
- Affected Product Code Base: Reprise License Manager through 14.2BL4
- Affected Component: affected filesystem
- Attack Type: Remote
- Author: Blakduk
- Reference:
https://reprise.com
https://www.reprisesoftware.com/
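
A log-triage check for the three issues above, added here as an example and not taken from the advisory or from Reprise: it flags actserver values that point at internal or non-allow-listed hosts, CR/LF in the password parameter, and ../ sequences in any parameter. It assumes the parameters appear in the logged query string; the request paths, the "file" parameter name and the allow-listed host are placeholders.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl
# Assumption: the activation hosts this site legitimately uses (placeholder value).
ALLOWED_ACTSERVERS = {"activation.example.com"}

def actserver_host(value):
    """Extract the host from an actserver value given as host, host:port or URL."""
    target = value if "//" in value else "//" + value
    try:
        return (urlsplit(target).hostname or "").lower()
    except ValueError:  # e.g. malformed IPv6 brackets
        return ""

def is_internal(host):
    """True for loopback, private or link-local IP literals and for 'localhost'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost"  # other names are left to the allow-list check
    return ip.is_private or ip.is_loopback or ip.is_link_local

def classify(url):
    """Return the findings for one logged request URL (still percent-encoded)."""
    findings = set()
    # parse_qsl percent-decodes, so %0d%0a and %2e%2e%2f are matched in decoded form.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name == "actserver":
            host = actserver_host(value)
            if is_internal(host):
                findings.add("ssrf-internal-target")
            elif host not in ALLOWED_ACTSERVERS:
                findings.add("ssrf-unlisted-target")
        if name == "password" and ("\r" in value or "\n" in value):
            findings.add("crlf-in-password")
        if "../" in value or "..\\" in value:
            findings.add("path-traversal")
    return findings

# Constructed sample requests; paths and the "file" parameter are placeholders.
SAMPLES = [
    "/placeholder/activate?actserver=activation.example.com",
    "/placeholder/activate?actserver=10.0.0.5:8080",
    "/placeholder/view?password=x%0d%0aX-Test:%201",
    "/placeholder/diag?file=..%2f..%2ftmp%2fout.txt",
]
if __name__ == "__main__":
    for line in SAMPLES:
        print(sorted(classify(line)), line)
```

Hostnames that resolve to internal addresses are not detected by the IP-literal test, which is why anything outside the allow-list is reported separately.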