VYPR

RLM

by Reprise

CVEs (2)

  • CVE-2021-37498MedJan 20, 2023
    risk 0.42cvss 6.5epss 0.01

    An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.

  • CVE-2021-44155MedDec 13, 2021
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.