Vulnerability Description
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Reprisesoftware | Reprise License Manager | < 15.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-UnautheExploitThird Party AdvisoryVDB Entry
- https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yesPatchProductVendor Advisory
- https://www.reprisesoftware.com/RELEASE_NOTESVendor Advisory
- http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-UnautheExploitThird Party AdvisoryVDB Entry
- https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yesPatchProductVendor Advisory
- https://www.reprisesoftware.com/RELEASE_NOTESVendor Advisory
FAQ
What is CVE-2021-44152?
CVE-2021-44152 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing us...
How severe is CVE-2021-44152?
CVE-2021-44152 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-44152?
Check the references section above for vendor advisories and patch information. Affected products include: Reprisesoftware Reprise License Manager.