U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Reprise License Manager
  • Search Type: Search All
  • CPE Name Search: false
There are 13 matching records.
Displaying matches 1 through 13.
Vuln ID Summary CVSS Severity
CVE-2023-44031

Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.

Published: February 03, 2024; 4:15:11 AM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-43183

Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account.

Published: February 03, 2024; 4:15:11 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2021-37500

Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.

Published: January 20, 2023; 7:15:11 AM -0500
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2021-37499

CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.

Published: January 20, 2023; 7:15:11 AM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2021-37498

An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.

Published: January 20, 2023; 7:15:10 AM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-28365

Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.

Published: April 09, 2022; 1:15:08 PM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-28364

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.

Published: April 09, 2022; 1:15:07 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-28363

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.

Published: April 09, 2022; 1:15:07 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-45422

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.

Published: January 13, 2022; 2:15:08 PM -0500
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-15574

An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."

Published: August 19, 2018; 10:29:00 PM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-15573

An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability.

Published: August 19, 2018; 10:29:00 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2018-5716

An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/edit_lf_get_data URI, the attacker can retrieve the content of a file.

Published: February 21, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 8.1 HIGH
V2.0: 8.5 HIGH
CVE-2015-6946

Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit functionality.

Published: September 15, 2015; 2:59:05 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH