Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Reprise License Manager 安全漏洞
Vulnerability Description
Reprise License Manager(RLM)是美国Reprise公司的一套许可证管理软件。 Reprise RLM 12.2BL2及之前版本中存在安全漏洞,该漏洞源于在默认情况下,5054端口上的Web界面没有要求进行身份验证。攻击者可通过向/goform/edit_lf_process URL发送带有文件内容的‘lfdata’参数和带有路径名的‘lf’参数请求利用该漏洞读取并向磁盘上的任意文件写入数据。
CVSS Information
N/A
Vulnerability Type
N/A