Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28365 | 1 Reprisesoftware | 1 Reprise License Manager | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | |||||
| CVE-2021-45422 | 1 Reprisesoftware | 1 Reprise License Manager | 2022-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required. | |||||
| CVE-2021-44155 | 1 Reprisesoftware | 1 Reprise License Manager | 2021-12-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | |||||
| CVE-2018-15574 | 1 Reprisesoftware | 1 Reprise License Manager | 2018-11-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability." | |||||