exploitDog

CVE-2021-37498

Опубликовано: 20 янв. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.

Ссылки

http://reprise.com
Not Applicable
http://reprisesoftware.com
Product
https://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/README.md
Third Party Advisory
http://reprise.com
Not Applicable
http://reprisesoftware.com
Product
https://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/README.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:*

Версия до 17.0 (исключая)

EPSS

Процентиль: 40%

0.00186

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-rq9c-34hq-jqg8

CVSS3: 6.5

github

около 3 лет назад

An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.

EPSS

Процентиль: 40%

0.00186

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918

CWE-918