CVE-2021-44152

nvd nist nuclei

Published: Dec 13, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.

Affected (1)

Products: Reprisesoftware: Reprise License Manager

Reprisesoftware

1 product

Reprise License Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Reprisesoftware Reprise License Manager	Before 15.1

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes

Source: cve@mitre.org

PatchProductVendor Advisory

https://www.reprisesoftware.com/RELEASE_NOTES

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes

Source: af854a3a-2127-422b-91ae-364da2661108

PatchProductVendor Advisory

https://www.reprisesoftware.com/RELEASE_NOTES

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.