CVE-2021-44154

Name of the Vulnerable Software and Affected Versions: Reprise RLM version 14.2

Description: An issue was discovered in Reprise RLM where an attacker, using an admin account, can write a payload to the "/goform/edit opt" API endpoint. This payload is then triggered when running the diagnostics via the "/goform/diagnostics doit" endpoint, resulting in a buffer overflow.

Recommendations: For Reprise RLM version 14.2, consider restricting access to the "/goform/edit opt" and "/goform/diagnostics doit" API endpoints to prevent potential exploitation. As a temporary workaround, limit the use of admin accounts until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.