Reprise License Manager 14.2 漏洞列表

Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.

Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. An attacker can possibly obtain further sensitive information, modify data, and/or execute unauthorized operations.

Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.

Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. An attacker can possibly obtain further sensitive information, modify data, and/or execute unauthorized operations.

Reprise License Manager (RLM) 14.2不验证身份验证或授权，允许未经身份验证的用户更改任何现有用户的密码。