CVE-2021-44152
CRITICAL NUCLEIReprise License Manager < 15.1 - Unauthenticated Password Change via /goform/change_password_process
Title source: llmExploitation Summary
CVE-2021-44152 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.
Nuclei Templates (1)
Reprise License Manager 14.2 - Authentication Bypass
CRITICALVERIFIEDby Akincibor
Shodan:
http.html:"Reprise License Manager" || http.html:"reprise license" || http.html:"reprise license manager"
FOFA:
body="reprise license manager" || body="reprise license"
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/165186/Reprise-License-Manager-14.2-Unauthenticated-Password-Change.html
Patch, Product, Vendor Advisory
https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes
Vendor Advisory
https://www.reprisesoftware.com/RELEASE_NOTES
Scores
CVSS v3
9.8
EPSS
0.5856
EPSS Percentile
99.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
reprisesoftware/reprise_license_manager
< 15.1
Published
Dec 13, 2021
Tracked Since
Feb 18, 2026