← back
CVE-2021-37498

CVE-2021-37498

CVSS 6.5 MEDIUMEPSS 0.8%CWE-918
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Jan 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://reprise.comhttp://reprisesoftware.comhttps://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/README.md