CVE-2021-44152
published 2021-12-13

Priority P183 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 58.55% (99.0th percentile)

An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.

Affected

1 range
Vendor: reprisesoftware
Product: reprise_license_manager
Version range: < 15.1
Fixed in: 15.1

Detection & IOCs (extracted from sources)

path: /goform/change_password_process
  • Probe GET /goforms/menu and check response body for the string 'RLM Administration Commands' with HTTP 200 to confirm an exposed Reprise License Manager instance.
  • Shodan queries 'http.html:"Reprise License Manager"', 'http.html:"reprise license"', and 'http.html:"reprise license manager"' can be used to identify internet-exposed RLM instances.
  • FOFA queries 'body="reprise license manager"' and 'body="reprise license"' identify exposed RLM web interfaces.
  • Google dork 'inurl:"/goforms/menu"' can surface publicly accessible RLM administration panels.
  • Unauthenticated POST requests to /goform/change_password_process should be treated as exploitation attempts; monitor for this path in web server logs with no prior authenticated session.
  • The vulnerability is specific to Reprise License Manager version 14.2; other versions may or may not be affected.

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P