SB2018021620 - Denial of service in Reprise Licence Manager



Published: February 16, 2018

Security Bulletin ID: SB2018021620
CSH Severity: Low
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Path traversal (CVE-ID: CVE-2018-5716)

The vulnerability allows a remote unauthenticated attacker to conduct a path traversal attack on the target system.

The weakness exists due to insufficient validation of web requests. A remote attacker can send a specially crafted web request to gain access to potentially sensitive information, or to modify license files and cause the service to crash.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.