Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Parallels Remote Application Server (Client) by Parallels

    CVE-2020-8968 (GCVE-0-2020-8968)

    Vulnerability from nvd – Published: 2021-12-17 16:10 – Updated: 2024-09-17 01:02
    VLAI
    Title
    Parallels Remote Application Server credentials management errors
    Summary
    Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2021-12-16 23:00
    Credits
    Francisco Palma, Diego León and David Jiménez
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.490Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/parallels-remote-application-server-credentials-management-errors"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Parallels Remote Application Server (Client)",
              "vendor": "Parallels",
              "versions": [
                {
                  "lessThanOrEqual": "17",
                  "status": "affected",
                  "version": "15.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Francisco Palma, Diego Le\u00f3n and David Jim\u00e9nez"
            }
          ],
          "datePublic": "2021-12-16T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password."
                }
              ],
              "value": "Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-255",
                  "description": "CWE-255 Credentials Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-20T10:04:24.068Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/parallels-remote-application-server-credentials-management-errors"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Parallels periodically publish the fixes and note patches in their knowledge base."
                }
              ],
              "value": "Parallels periodically publish the fixes and note patches in their knowledge base."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0512",
            "discovery": "EXTERNAL"
          },
          "title": "Parallels Remote Application Server credentials management errors",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-12-17T09:00:00.000Z",
              "ID": "CVE-2020-8968",
              "STATE": "PUBLIC",
              "TITLE": "Parallels Remote Application Server credentials management errors"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Parallels Remote Application Server (Client)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_name": "15.5",
                                "version_value": "15.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "17",
                                "version_value": "17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Parallels"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Francisco Palma, Diego Le\u00f3n and David Jim\u00e9nez"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-255 Credentials Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/parallels-remote-application-server-credentials-management-errors",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/parallels-remote-application-server-credentials-management-errors"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Parallels periodically publish the fixes and note patches in their knowledge base."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0512",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2020-8968",
        "datePublished": "2021-12-17T16:10:37.247Z",
        "dateReserved": "2020-02-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:02:06.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8968 (GCVE-0-2020-8968)

    Vulnerability from cvelistv5 – Published: 2021-12-17 16:10 – Updated: 2024-09-17 01:02
    VLAI
    Title
    Parallels Remote Application Server credentials management errors
    Summary
    Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2021-12-16 23:00
    Credits
    Francisco Palma, Diego León and David Jiménez
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.490Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/parallels-remote-application-server-credentials-management-errors"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Parallels Remote Application Server (Client)",
              "vendor": "Parallels",
              "versions": [
                {
                  "lessThanOrEqual": "17",
                  "status": "affected",
                  "version": "15.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Francisco Palma, Diego Le\u00f3n and David Jim\u00e9nez"
            }
          ],
          "datePublic": "2021-12-16T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password."
                }
              ],
              "value": "Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-255",
                  "description": "CWE-255 Credentials Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-20T10:04:24.068Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/parallels-remote-application-server-credentials-management-errors"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Parallels periodically publish the fixes and note patches in their knowledge base."
                }
              ],
              "value": "Parallels periodically publish the fixes and note patches in their knowledge base."
            }
          ],
          "source": {
            "advisory": "INCIBE-2021-0512",
            "discovery": "EXTERNAL"
          },
          "title": "Parallels Remote Application Server credentials management errors",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-coordination@incibe.es",
              "DATE_PUBLIC": "2021-12-17T09:00:00.000Z",
              "ID": "CVE-2020-8968",
              "STATE": "PUBLIC",
              "TITLE": "Parallels Remote Application Server credentials management errors"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Parallels Remote Application Server (Client)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_name": "15.5",
                                "version_value": "15.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "17",
                                "version_value": "17"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Parallels"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Francisco Palma, Diego Le\u00f3n and David Jim\u00e9nez"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-255 Credentials Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/parallels-remote-application-server-credentials-management-errors",
                  "refsource": "CONFIRM",
                  "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/parallels-remote-application-server-credentials-management-errors"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Parallels periodically publish the fixes and note patches in their knowledge base."
              }
            ],
            "source": {
              "advisory": "INCIBE-2021-0512",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2020-8968",
        "datePublished": "2021-12-17T16:10:37.247Z",
        "dateReserved": "2020-02-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:02:06.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }