Unrated severityNVD Advisory· Published Dec 13, 2021· Updated Aug 4, 2024

CVE-2021-44152

Description

An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Reprise/RLMdescription
Reprise License Manager/RLMllm-fuzzy
Range: =14.2

Patches

Vulnerability mechanics

References

packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.htmlmitre
reprisesoftware.com/admin/rlm-admin-download.phpmitre
www.reprisesoftware.com/RELEASE_NOTESmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.047
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000