PT-2023-12322 · Reprise · Reprise License Manager

Blakduk

Published: 2023-01-20
Updated: 2025-04-03

CVE-2021-37498
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Reprise License Manager (RLM) versions through 14.2BL4

Description: A Server-Side Request Forgery (SSRF) vulnerability was discovered in the Reprise License Manager (RLM) web interface. The actserver parameter of the License Activation function is used as the target of an outbound request, so a remote attacker can make the server send requests to intranet hosts and use the responses to conduct port scans.

Recommendations: For versions through 14.2BL4, as a temporary workaround, restrict access to the License Activation function to reduce exposure, and avoid using the actserver parameter of the affected function until a fix is available. At the time of writing, no version containing a fix for this vulnerability is known.

SSRF


Weakness Enumeration

Related Identifiers: CVE-2021-37498

Affected Products: Reprise License Manager