Vulnerability Description
An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Reprisesoftware | Reprise License Manager | >= 14.2, < 16.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/165193/Reprise-License-Manager-14.2-Buffer-Exploit (Third Party Advisory, VDB Entry)
- https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes (Patch, Product, Vendor Advisory)
FAQ
What is CVE-2021-44154?
CVE-2021-44154 is a vulnerability with a CVSS score of 7.2 (HIGH). An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diag...
How severe is CVE-2021-44154?
CVE-2021-44154 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-44154?
Check the references section above for vendor advisories and patch information. Affected products include: Reprisesoftware Reprise License Manager.