PT-2021-24050 · Reprise · Reprise Rlm

Published: 2021-12-13 · Updated: 2021-12-15 · CVE-2021-44153

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Reprise RLM version 14.2

Description: An issue was discovered that allows an admin user to enable an option to run arbitrary executables when editing the license file. An attacker with that access can use it to run a malicious binary on server startup or when the Reread/Restart Servers function is triggered from the web server. For example, an entry such as C:\Windows\System32\calc.exe demonstrates the issue.

Recommendations: For Reprise RLM version 14.2, consider disabling the option to run arbitrary executables from the license file as a temporary workaround until a patch is available. Restrict access to the license file editing functionality to minimize the risk of exploitation.
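As an added, defensive illustration (not code from the advisory or from Reprise): a small Python audit that scans a license file for executable paths and flags any that lie outside the expected install directory, so an administrator can spot the kind of entry described above. The license text is a constructed sample, the allow-listed directory is an assumption, and the scanner deliberately ignores RLM's real grammar and only pattern-matches Windows executable paths.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample; the line syntax only loosely imitates a license file.
SAMPLE_LICENSE = r"""
HOST licsrv 0025b3aabbcc 5053
ISV demo C:\Program Files\Reprise\demo.exe
ISV rogue C:\Windows\System32\calc.exe
ISV sneaky C:\Program Files\Reprise\..\..\Windows\System32\calc.exe
LICENSE demo product 1.0 permanent 5 sig=ABCD
"""

# Assumed install directory; anything outside it is reported.
ALLOWED_DIRS = [r"C:\Program Files\Reprise"]

# Absolute Windows path ending in an executable/script extension.
# Spaces are allowed inside the path (non-greedy up to the extension).
EXE_RE = re.compile(r"[A-Za-z]:\\[^\"']+?\.(?:exe|bat|cmd|ps1)\b", re.IGNORECASE)


def is_allowed(path: str) -> bool:
    """True only if path sits under an allowed dir and contains no '..' hop."""
    p = PureWindowsPath(path)
    if ".." in p.parts:          # traversal would escape the allowed tree
        return False
    return any(PureWindowsPath(d) in p.parents for d in ALLOWED_DIRS)


def find_executable_entries(text: str):
    """Return (line_no, path, allowed) for every executable path referenced."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in EXE_RE.finditer(line):
            findings.append((n, m.group(0), is_allowed(m.group(0))))
    return findings


def flagged(text: str):
    """Only the entries an administrator should review: (line_no, path)."""
    return [(n, p) for n, p, ok in find_executable_entries(text) if not ok]


if __name__ == "__main__":
    for n, p in flagged(SAMPLE_LICENSE):
        print(f"line {n}: executable outside allowed directory: {p}")
```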


Related Identifiers

CVE-2021-44153

Affected Products

Reprise Rlm