Reprisesoftware

Reprise License Manager

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2021-45422

Exploit
  • EPSS 8.61%
  • Veröffentlicht 13.01.2022 19:15:08
  • Zuletzt bearbeitet 30.04.2025 20:53:22

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.

5.3

CVE-2021-44155

Exploit
  • EPSS 0.95%
  • Veröffentlicht 13.12.2021 04:15:07
  • Zuletzt bearbeitet 30.04.2025 21:01:02

An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker ...

7.2

CVE-2021-44154

Exploit
  • EPSS 0.67%
  • Veröffentlicht 13.12.2021 04:15:07
  • Zuletzt bearbeitet 30.04.2025 20:59:47

An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow.

9

CVE-2021-44153

Exploit
  • EPSS 0.82%
  • Veröffentlicht 13.12.2021 04:15:07
  • Zuletzt bearbeitet 30.04.2025 21:03:30

An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploi...

9.8

CVE-2021-44152

Exploit
  • EPSS 86.67%
  • Veröffentlicht 13.12.2021 04:15:07
  • Zuletzt bearbeitet 21.11.2024 06:30:27

An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password...

7.5

CVE-2021-44151

  • EPSS 0.4%
  • Veröffentlicht 13.12.2021 04:15:07
  • Zuletzt bearbeitet 30.04.2025 21:01:39

An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An...

6.1

CVE-2018-15574

Exploit
  • EPSS 0.33%
  • Veröffentlicht 20.08.2018 02:29:00
  • Zuletzt bearbeitet 30.04.2025 21:02:05

An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider t...

9.3

CVE-2018-15573

Exploit
  • EPSS 0.72%
  • Veröffentlicht 20.08.2018 02:29:00
  • Zuletzt bearbeitet 30.04.2025 21:02:28

An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata...

8.5

CVE-2018-5716

Exploit
  • EPSS 0.43%
  • Veröffentlicht 21.02.2018 15:29:00
  • Zuletzt bearbeitet 30.04.2025 21:02:42

An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POS...