CVE-2022-28365

Name of the Vulnerable Software and Affected Versions Reprise License Manager version 14.2

Description The issue allows for information disclosure via a GET request to "/goforms/rlminfo" without requiring authentication. The disclosed information includes details about software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.

Recommendations For Reprise License Manager version 14.2, consider restricting access to the "/goforms/rlminfo" endpoint to minimize the risk of exploitation. As a temporary workaround, limit the information disclosed by this endpoint until a patch is available.