Lucene search

[email protected]CVE-2022-40870

HistoryNov 23, 2022 - 12:15 a.m.

CVE-2022-40870

2022-11-2300:15:00

CWE-116

[email protected]

web.nvd.nist.gov

cve-2022-40870

parallels

remote application server

v18.0

host header injection

vulnerability

nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.5%

JSON

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.

CPENameOperatorVersion
parallels:remote_application_serverparallels remote application servereq18.0

CPE	Name	Operator	Version
parallels:remote_application_server	parallels remote application server	eq	18.0

References

github.com/IthacaLabs/Parallels/blob/main/ParallelsRemoteApplicationServer/HHI_CVE-2022-40870.txt

github.com/IthacaLabs/Parallels/tree/main/ParallelsRemoteApplicationServer

Social References

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2022-40870

prion1