CVE-2018-15573

Published: Aug 20, 2018Modified: Apr 30, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability.

Affected (1)

Products: Reprisesoftware: Reprise License Manager

Reprisesoftware

1 product

Reprise License Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Reprisesoftware Reprise License Manager	Before 16.1

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

http://seclists.org/fulldisclosure/2021/Dec/18

Source: cve@mitre.org

Third Party Advisory

https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/

Source: cve@mitre.org

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2021/Dec/18

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.