cvelistv5 - cve-2021-44153

CVE-2021-44153 (GCVE-0-2021-44153)

Vulnerability from cvelistv5

Published

2021-12-13 03:33

Modified

2024-08-04 04:17

Severity ?

CWE

Summary

An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)

References

URL

Tags

	https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes	x_refsource_MISC
	http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:17:23.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://reprisesoftware.com/admin/rlm-admin-download.php?\u0026euagree=yes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo \"C:\\Windows\\System32\\calc.exe\" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-13T03:33:19.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://reprisesoftware.com/admin/rlm-admin-download.php?\u0026euagree=yes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44153",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo \"C:\\Windows\\System32\\calc.exe\" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://reprisesoftware.com/admin/rlm-admin-download.php?\u0026euagree=yes",
              "refsource": "MISC",
              "url": "https://reprisesoftware.com/admin/rlm-admin-download.php?\u0026euagree=yes"
            },
            {
              "name": "http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165194/Reprise-License-Manager-14.2-Remote-Binary-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44153",
    "datePublished": "2021-12-13T03:33:19.000Z",
    "dateReserved": "2021-11-22T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:17:23.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2023-AVI-0369

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP 3D Visual Enterprise License Manager version 15
SAP	N/A	SAP Commerce versions 2211, 2105 et 2205
SAP	N/A	SAP Application Interface Framework (ODATA service) versions 755 et 756
SAP	N/A	SAP Commerce (Backoffice) versions 2105 et 2205
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform versions 420 et 430
SAP	SAP CRM WebClient UI	SAP CRM WebClient UI versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80
SAP	N/A	SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 20
SAP	N/A	SAP GUI pour Windows versions 7.70 et 8.0
SAP	N/A	SAP IBP EXCEL ADD-IN versions 2211, 2302 et 2305
SAP	N/A	SAP BusinessObjects Intelligence Platform versions 420 et 430
SAP	N/A	SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50 et CORE-TOOLS 7.50
SAP	N/A	Vendor Master Hierarchy versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618 et S4CORE 100
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform (Central Management Service) versions 420 et 430
SAP	N/A	SAP PowerDesigner (Proxy) version 16.7

References

Title

Publication Time

Tags

Bulletin de sécurité SAP 2023-05-10 du 10 mai 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP 3D Visual Enterprise License Manager version 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 2211, 2105 et 2205",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Application Interface Framework (ODATA service) versions 755 et 756",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce (Backoffice) versions 2105 et 2205",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BusinessObjects Business Intelligence Platform versions 420 et 430",
      "product": {
        "name": "SAP BusinessObjects Business Intelligence",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP CRM WebClient UI versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80",
      "product": {
        "name": "SAP CRM WebClient UI",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP GUI pour Windows versions 7.70 et 8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP IBP EXCEL ADD-IN versions 2211, 2302 et 2305",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BusinessObjects Intelligence Platform versions 420 et 430",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50 et CORE-TOOLS 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Vendor Master Hierarchy versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618 et S4CORE 100",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BusinessObjects Business Intelligence Platform (Central Management Service) versions 420 et 430",
      "product": {
        "name": "SAP BusinessObjects Business Intelligence",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP PowerDesigner (Proxy) version 16.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44155"
    },
    {
      "name": "CVE-2023-31407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31407"
    },
    {
      "name": "CVE-2023-30741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30741"
    },
    {
      "name": "CVE-2021-44152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44152"
    },
    {
      "name": "CVE-2022-41966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
    },
    {
      "name": "CVE-2023-29188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29188"
    },
    {
      "name": "CVE-2023-29080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29080"
    },
    {
      "name": "CVE-2022-27667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27667"
    },
    {
      "name": "CVE-2021-44151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44151"
    },
    {
      "name": "CVE-2023-30744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30744"
    },
    {
      "name": "CVE-2022-32244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32244"
    },
    {
      "name": "CVE-2023-30740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30740"
    },
    {
      "name": "CVE-2023-30743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30743"
    },
    {
      "name": "CVE-2021-44153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44153"
    },
    {
      "name": "CVE-2022-39014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39014"
    },
    {
      "name": "CVE-2023-31404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31404"
    },
    {
      "name": "CVE-2023-30742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30742"
    },
    {
      "name": "CVE-2023-32113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32113"
    },
    {
      "name": "CVE-2023-28764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28764"
    },
    {
      "name": "CVE-2023-29111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29111"
    },
    {
      "name": "CVE-2022-31596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31596"
    },
    {
      "name": "CVE-2023-31406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31406"
    },
    {
      "name": "CVE-2023-32112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32112"
    },
    {
      "name": "CVE-2023-32111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32111"
    },
    {
      "name": "CVE-2023-28762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28762"
    },
    {
      "name": "CVE-2021-44154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44154"
    }
  ],
  "initial_release_date": "2023-05-10T00:00:00",
  "last_revision_date": "2023-05-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0369",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP 2023-05-10 du 10 mai 2023",
      "url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-44153 (GCVE-0-2021-44153)

Vulnerability from cvelistv5

CERTFR-2023-AVI-0369

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature