CVE-2020-8968
Parallels Remote Application Server credentials management errors
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
Parallels Remote Application Server (RAS) permite a un atacante local recuperar determinadas contraseñas de perfil en formato de texto sin cifrar al cargar un archivo cifrado previamente almacenado por Parallels RAS. La confidencialidad, disponibilidad e integridad de la información del usuario podría estar comprometida si un atacante es capaz de recuperar la contraseña del perfil
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-13 CVE Reserved
- 2021-12-17 CVE Published
- 2023-07-10 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/parallels-remote-application-server-credentials-management-errors | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Parallels Search vendor "Parallels" | Remote Application Server Search vendor "Parallels" for product "Remote Application Server" | >= 15.5 <= 17.0 Search vendor "Parallels" for product "Remote Application Server" and version " >= 15.5 <= 17.0" | - |
Affected
|