Vulnerabilities > CVE-2021-37498 - Server-Side Request Forgery (SSRF) vulnerability in Reprisesoftware Reprise License Manager

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

reprisesoftware

CWE-918

NVD

Published: 2023-01-20

Updated: 2023-01-27

Summary

An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.

Vulnerable Configurations

Part	Description	Count
Application	Reprisesoftware Reprisesoftware Reprise License Manager 9.0Bl2 Reprisesoftware Reprise License Manager 11.0 Reprisesoftware Reprise License Manager 11.1 Reprisesoftware Reprise License Manager 11.2 Reprisesoftware Reprise License Manager 11.3 Reprisesoftware Reprise License Manager 12.0 Reprisesoftware Reprise License Manager 12.0Bl2 Reprisesoftware Reprise License Manager 12.1 Reprisesoftware Reprise License Manager 12.1Bl2 Reprisesoftware Reprise License Manager 12.2 Reprisesoftware Reprise License Manager 12.2Bl2 Reprisesoftware Reprise License Manager 12.3 Reprisesoftware Reprise License Manager 12.3Bl4 Reprisesoftware Reprise License Manager 12.4 Reprisesoftware Reprise License Manager 13.0 Reprisesoftware Reprise License Manager 14.2	16

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References