Reprisesoftware: community verdicts
4 notable / known-exploited Reprisesoftware CVEs the community has triaged.
- CVE-2021-45422MED 6.1EPSS 3%
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.
- CVE-2021-37500HIGH 8.1Real · low riskEPSS 1%
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.
- CVE-2021-37499MED 6.5EPSS 1%
CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.
- CVE-2021-37498MED 6.5EPSS 1%
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.