CVE-2021-44151

{"id": "CVE-2021-44151", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-12-13T04:15:07.137", "references": [{"url": "http://packetstormsecurity.com/files/165191/Reprise-License-Manager-14.2-Session-Hijacking.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.reprisesoftware.com/RELEASE_NOTES", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit."}, {"lang": "es", "value": "Se ha detectado un problema en Reprise RLM versi\u00f3n 14.2. Como las cookies de sesi\u00f3n son peque\u00f1as, un atacante puede secuestrar cualquier sesi\u00f3n presente forzando la cookie de sesi\u00f3n de 4 caracteres hexadecimales en la versi\u00f3n de Windows (la versi\u00f3n de Linux parece tener 8 caracteres). Un atacante puede obtener la parte est\u00e1tica de la cookie (nombre de la cookie) al hacer primero una petici\u00f3n a cualquier p\u00e1gina de la aplicaci\u00f3n (por ejemplo, /goforms/men\u00fa) y guardando el nombre de la cookie enviada con la respuesta. El atacante puede entonces usar el nombre de la cookie e intentar solicitar esa misma p\u00e1gina, estableciendo un valor aleatorio para la cookie. Si alg\u00fan usuario presenta una sesi\u00f3n activa, la p\u00e1gina deber\u00eda volver con el contenido autorizado, cuando se encuentre un valor de cookie v\u00e1lido"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7398E968-24AF-4006-92A0-B9DDC49EF43D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}