← back
CVE-2021-37499

CVE-2021-37499

CVSS 6.5 MEDIUMEPSS 0.9%CWE-74
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Jan 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://reprise.comhttp://reprisesoftware.comhttps://github.com/blakduk/Advisories/blob/main/Reprise%20License%20Manager/README.md