Unrated severityNVD Advisory· Published Aug 20, 2018· Updated Aug 5, 2024

CVE-2018-15573

Description

An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability.

Affected products

Reprise Software/Reprise License Managerinferred
Range: <=12.2BL2
Reprise License Manager/RLMllm-create
Range: <=12.2BL2

Patches

Vulnerability mechanics

References

seclists.org/fulldisclosure/2021/Dec/18mitremailing-listx_refsource_FULLDISC
bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000