Reprise Software
Products
2- 12 CVEs
- 1 CVE
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-28365 | 0.04 | — | 0.08 | Apr 9, 2022 | Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system… | |||
| CVE-2022-30519 | 0.03 | — | 0.03 | Dec 29, 2022 | XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field. | |||
| CVE-2021-45422 | 0.02 | — | 0.03 | Jan 13, 2022 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required. | |||
| CVE-2022-28363 | 0.01 | — | 0.04 | Apr 9, 2022 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. | |||
| CVE-2023-43183 | 0.00 | — | 0.01 | Feb 3, 2024 | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. | |||
| CVE-2023-44031 | 0.00 | — | 0.01 | Feb 3, 2024 | Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | |||
| CVE-2021-37499 | 0.00 | — | 0.01 | Jan 20, 2023 | CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. | |||
| CVE-2021-37500 | 0.00 | — | 0.01 | Jan 20, 2023 | Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server. | |||
| CVE-2021-37498 | 0.00 | — | 0.01 | Jan 20, 2023 | An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. | |||
| CVE-2022-28364 | 0.00 | — | 0.01 | Apr 9, 2022 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required. | |||
| CVE-2018-15573 | 0.00 | — | 0.02 | Aug 20, 2018 | An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in… | |||
| CVE-2018-15574 | 0.00 | — | 0.01 | Aug 20, 2018 | An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability." | |||
| CVE-2018-5716 | 0.00 | — | 0.02 | Feb 21, 2018 | An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the… |
- CVE-2022-28365Apr 9, 2022risk 0.04cvss —epss 0.08
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system…
- CVE-2022-30519Dec 29, 2022risk 0.03cvss —epss 0.03
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.
- CVE-2021-45422Jan 13, 2022risk 0.02cvss —epss 0.03
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.
- CVE-2022-28363Apr 9, 2022risk 0.01cvss —epss 0.04
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.
- CVE-2023-43183Feb 3, 2024risk 0.00cvss —epss 0.01
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account.
- CVE-2023-44031Feb 3, 2024risk 0.00cvss —epss 0.01
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.
- CVE-2021-37499Jan 20, 2023risk 0.00cvss —epss 0.01
CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.
- CVE-2021-37500Jan 20, 2023risk 0.00cvss —epss 0.01
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.
- CVE-2021-37498Jan 20, 2023risk 0.00cvss —epss 0.01
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.
- CVE-2022-28364Apr 9, 2022risk 0.00cvss —epss 0.01
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.
- CVE-2018-15573Aug 20, 2018risk 0.00cvss —epss 0.02
An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in…
- CVE-2018-15574Aug 20, 2018risk 0.00cvss —epss 0.01
An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
- CVE-2018-5716Feb 21, 2018risk 0.00cvss —epss 0.02
An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the…