CVE-2018-15574

low-risk
Published 2018-08-20

An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."

Do I need to act?

-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Reprisesoftware

References (4)

Exploit https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-...
Product https://reprisesoftware.com/docs/whats-new.html
Exploit https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-...
Product https://reprisesoftware.com/docs/whats-new.html
29
/ 100
low-risk
Severity 23/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal