CVE-2021-37499

Name of the Vulnerable Software and Affected Versions Reprise License Manager (RLM) versions through 14.2BL4

Description The issue concerns a CRLF vulnerability in the Reprise License Manager (RLM) web interface. This vulnerability is located in the password parameter of the View License Result function, allowing remote attackers to inject arbitrary HTTP headers.

Recommendations For versions through 14.2BL4, consider restricting access to the View License Result function until a patch is available. As a temporary workaround, avoid using the password parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.