Vulnerability Description
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Reprisesoftware | Reprise License Manager | < 17.0 |
Related Weaknesses (CWE)
References
- http://reprise.comNot Applicable
- http://reprisesoftware.comProduct
- https://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/READThird Party Advisory
- http://reprise.comNot Applicable
- http://reprisesoftware.comProduct
- https://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/READThird Party Advisory
FAQ
What is CVE-2021-37498?
CVE-2021-37498 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the ac...
How severe is CVE-2021-37498?
CVE-2021-37498 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37498?
Check the references section above for vendor advisories and patch information. Affected products include: Reprisesoftware Reprise License Manager.