CVE-2020-13186

CVE-2020-13186 affects Teradici Cloud Access Connector v31 and earlier. The root cause is a missing Anti‑CSRF protection in a specific web form, enabling data modification if a user clicks a crafted link and the attacker knows both a machineID and a user GUID. Connected sources confirm the vulner...

CVE-2020-13176

CVE-2020-13176 affects the Teradici Cloud Access Connector Management Interface (releases prior to 24 Apr 2020; v16 and earlier for Cloud Access Connector). The vulnerability is a stored cross-site scripting (XSS) flaw that lets a remote unauthenticated attacker poison log files with malicious Ja...

CVE-2020-13175

CVE-2020-13175 affects the Teradici Cloud Access Connector Management Interface (legacy and v15) released before 20-Apr-2020. It is a local file inclusion vulnerability that allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request. NVD CVSS data show...

CVE-2020-13185

CVE-2020-13185 affects the Teradici Cloud Access Connector prior to v18, where certain pages in the authenticated area could be accessed without authentication tokens. This is due to insufficient access control on those pages, enabling an attacker to perform sensitive functions without credential...