CVE-2021-44153
HIGH
7,2
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
9,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo 'C:\Windows\System32\calc.exe' entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0082
Percentile
0,7th
Updated
EPSS Score Trend (Last 90 Days)
Application
Reprise License Manager by Reprisesoftware
Version Range Affected
From
14.2
(inclusive)
To
17.0
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote…
https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes
http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote…
https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes