
CVE-2020-15860

 

  • Severity Score: 9.9 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.

*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-07-20 CVE Reserved
  • 2020-07-24 CVE Published
  • 2023-12-12 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor      Product                      Version   Other   Status
Parallels   Remote Application Server    17.1.1    -       Affected