Mohaiman Rahim

**Name of the Vulnerable Software and Affected Versions** Reprise License Manager version 15.1 **Description** The issue allows read-only users to arbitrarily change the password of an admin and hijack their account due to incorrect access control in Reprise License Management Software. **Recommendations** For Reprise License Manager version 15.1, consider restricting access to password change functionality for read-only users until a patch is available. As a temporary workaround, monitor account activity closely to detect potential hijacking attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Reprise License Manager version 15.1 **Description** The issue is related to incorrect access control in the software, allowing attackers to save sensitive files in insecure locations using a crafted POST request. **Recommendations** For Reprise License Manager version 15.1, consider restricting access to sensitive file operations until a patch is available. As a temporary workaround, limit the ability to save files in insecure locations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.