NVD:CVE-2022-40870
Nov 23, 2022 - 12:15 a.m.

CVE-2022-40870

2022-11-23 00:15:11
CWE-116
web.nvd.nist.gov
parallels
remote application server
web client
host header injection
cve-2022-40870
vulnerability
arbitrary commands

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.004
Percentile: 72.4%

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.

Affected configurations

Source: Nvd
Node: parallels remote_application_server, Match 18.0

Vendor: parallels
Product: remote_application_server
Version: 18.0
CPE: cpe:2.3:a:parallels:remote_application_server:18.0:*:*:*:*:*:*:*
