Reprise License Manager
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-28365 | 0.04 | — | 0.08 | Apr 9, 2022 | Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system… | |||
| CVE-2021-45422 | 0.02 | — | 0.03 | Jan 13, 2022 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required. | |||
| CVE-2022-28363 | 0.01 | — | 0.04 | Apr 9, 2022 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. | |||
| CVE-2023-44031 | 0.00 | — | 0.01 | Feb 3, 2024 | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | |||
| CVE-2023-43183 | 0.00 | — | 0.01 | Feb 3, 2024 | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. | |||
| CVE-2021-37499 | 0.00 | — | 0.01 | Jan 20, 2023 | CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. | |||
| CVE-2021-37498 | 0.00 | — | 0.01 | Jan 20, 2023 | An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. | |||
| CVE-2021-37500 | 0.00 | — | 0.01 | Jan 20, 2023 | Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server. | |||
| CVE-2022-28364 | 0.00 | — | 0.01 | Apr 9, 2022 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. | |||
| CVE-2018-15574 | 0.00 | — | 0.01 | Aug 20, 2018 | An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability." | |||
| CVE-2018-15573 | 0.00 | — | 0.02 | Aug 20, 2018 | An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in… | |||
| CVE-2018-5716 | 0.00 | — | 0.02 | Feb 21, 2018 | An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the… |
- CVE-2022-28365Apr 9, 2022risk 0.04cvss —epss 0.08
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system…
- CVE-2021-45422Jan 13, 2022risk 0.02cvss —epss 0.03
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.
- CVE-2022-28363Apr 9, 2022risk 0.01cvss —epss 0.04
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.
- CVE-2023-44031Feb 3, 2024risk 0.00cvss —epss 0.01
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.
- CVE-2023-43183Feb 3, 2024risk 0.00cvss —epss 0.01
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account.
- CVE-2021-37499Jan 20, 2023risk 0.00cvss —epss 0.01
CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.
- CVE-2021-37498Jan 20, 2023risk 0.00cvss —epss 0.01
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.
- CVE-2021-37500Jan 20, 2023risk 0.00cvss —epss 0.01
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.
- CVE-2022-28364Apr 9, 2022risk 0.00cvss —epss 0.01
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.
- CVE-2018-15574Aug 20, 2018risk 0.00cvss —epss 0.01
An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
- CVE-2018-15573Aug 20, 2018risk 0.00cvss —epss 0.02
An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in…
- CVE-2018-5716Feb 21, 2018risk 0.00cvss —epss 0.02
An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the…