Search
Find a vulnerability
Search criteria
49 vulnerabilities by Teradici
VAR-202104-1134
Vulnerability from variot - Updated: 2024-11-23 22:29Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-1134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pcoip connection manager and security gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "teradici",
"version": "21.01"
},
{
"model": "pcoip connection manager and security gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "teradici",
"version": "20.07"
},
{
"model": "pcoip connection manager and security gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "teradici",
"version": "20.07.1"
},
{
"model": "pcoip connection manager and security gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "teradici",
"version": "21.01.3"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25692"
}
]
},
"cve": "CVE-2021-25692",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-25692",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-384521",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2021-25692",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-25692",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-367",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-384521",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2021-25692",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-384521"
},
{
"db": "VULMON",
"id": "CVE-2021-25692"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-367"
},
{
"db": "NVD",
"id": "CVE-2021-25692"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sensitive smart card data is logged in default INFO logs by Teradici\u0027s PCoIP Connection Manager and Security Gateway prior to version 21.01.3",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25692"
},
{
"db": "VULHUB",
"id": "VHN-384521"
},
{
"db": "VULMON",
"id": "CVE-2021-25692"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25692",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-367",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-384521",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-25692",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-384521"
},
{
"db": "VULMON",
"id": "CVE-2021-25692"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-367"
},
{
"db": "NVD",
"id": "CVE-2021-25692"
}
]
},
"id": "VAR-202104-1134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-384521"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:29:16.369000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146913"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-367"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-384521"
},
{
"db": "NVD",
"id": "CVE-2021-25692"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://advisory.teradici.com/security-advisories/77/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25692"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-384521"
},
{
"db": "VULMON",
"id": "CVE-2021-25692"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-367"
},
{
"db": "NVD",
"id": "CVE-2021-25692"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-384521"
},
{
"db": "VULMON",
"id": "CVE-2021-25692"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-367"
},
{
"db": "NVD",
"id": "CVE-2021-25692"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-384521"
},
{
"date": "2021-04-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25692"
},
{
"date": "2021-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-367"
},
{
"date": "2021-04-06T20:15:13.583000",
"db": "NVD",
"id": "CVE-2021-25692"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-384521"
},
{
"date": "2021-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25692"
},
{
"date": "2021-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-367"
},
{
"date": "2024-11-21T05:55:18.260000",
"db": "NVD",
"id": "CVE-2021-25692"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point Security Gateway Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-367"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-367"
}
],
"trust": 0.6
}
}
CVE-2017-20121 (GCVE-0-2017-20121)
Vulnerability from nvd – Published: 2022-06-30 05:05 – Updated: 2025-04-15 14:08
VLAI
EPSS
VEX
Title
Teradici Management Console Database Management privileges management
Summary
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Feb/62 | x_refsource_MISC |
| https://vuldb.com/?id.97279 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Teradici | Management Console |
Affected:
2.2.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.97279"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:31.406855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:08:51.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Management Console",
"vendor": "Teradici",
"versions": [
{
"status": "affected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ERRor"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T05:05:20.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.97279"
}
],
"title": "Teradici Management Console Database Management privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20121",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Teradici Management Console Database Management privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Management Console",
"version": {
"version_data": [
{
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "Teradici"
}
]
}
},
"credit": "ERRor",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Feb/62",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/62"
},
{
"name": "https://vuldb.com/?id.97279",
"refsource": "MISC",
"url": "https://vuldb.com/?id.97279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20121",
"datePublished": "2022-06-30T05:05:20.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:08:51.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25701 (GCVE-0-2021-25701)
Vulnerability from nvd – Published: 2021-07-21 12:37 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption (CWE-400)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/103/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Software Client |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/103/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Software Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:37:39.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/103/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Software Client",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/103/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/103/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25701",
"datePublished": "2021-07-21T12:37:39.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25699 (GCVE-0-2021-25699)
Vulnerability from nvd – Published: 2021-07-21 12:26 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory.
Severity
No CVSS data available.
CWE
- CWE-426 - Untrusted Search Path (CWE-426)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/102/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:26:47.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/102/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/102/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25699",
"datePublished": "2021-07-21T12:26:47.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25698 (GCVE-0-2021-25698)
Vulnerability from nvd – Published: 2021-07-21 12:26 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory.
Severity
No CVSS data available.
CWE
- CWE-426 - Untrusted Search Path (CWE-426)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/102/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:26:55.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/102/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/102/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25698",
"datePublished": "2021-07-21T12:26:55.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25695 (GCVE-0-2021-25695)
Vulnerability from nvd – Published: 2021-07-21 12:33 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver.
Severity
No CVSS data available.
CWE
- CWE-782 - Exposed IOCTL with Insufficient Access Control (CWE-782)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/100/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Agent for Windows |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/100/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Agent for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "Exposed IOCTL with Insufficient Access Control (CWE-782)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:33:10.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/100/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Agent for Windows",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposed IOCTL with Insufficient Access Control (CWE-782)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/100/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/100/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25695",
"datePublished": "2021-07-21T12:33:10.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35451 (GCVE-0-2021-35451)
Vulnerability from nvd – Published: 2021-07-07 13:30 – Updated: 2026-07-09 00:14
VLAI
EPSS
VEX
Summary
In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-07-09T00:14:05.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T23:50:42.858Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://teradici.com",
"refsource": "MISC",
"url": "http://teradici.com"
},
{
"name": "https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4",
"refsource": "MISC",
"url": "https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35451",
"datePublished": "2021-07-07T13:30:23.000Z",
"dateReserved": "2021-06-23T00:00:00.000Z",
"dateUpdated": "2026-07-09T00:14:05.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-25693 (GCVE-0-2021-25693)
Vulnerability from nvd – Published: 2021-05-13 13:20 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/79/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/79/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:20:52.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/79/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/79/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/79/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25693",
"datePublished": "2021-05-13T13:20:52.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25694 (GCVE-0-2021-25694)
Vulnerability from nvd – Published: 2021-05-13 12:49 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/80/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/80/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T12:49:17.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/80/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/80/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/80/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25694",
"datePublished": "2021-05-13T12:49:17.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25692 (GCVE-0-2021-25692)
Vulnerability from nvd – Published: 2021-04-06 19:21 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/77/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Teradici PCoIP Connection Manager and Security Gateway |
Affected:
prior to version 21.01.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/77/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Teradici PCoIP Connection Manager and Security Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to version 21.01.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive smart card data is logged in default INFO logs by Teradici\u0027s PCoIP Connection Manager and Security Gateway prior to version 21.01.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T19:21:50.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/77/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Teradici PCoIP Connection Manager and Security Gateway",
"version": {
"version_data": [
{
"version_value": "prior to version 21.01.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive smart card data is logged in default INFO logs by Teradici\u0027s PCoIP Connection Manager and Security Gateway prior to version 21.01.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/77/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/77/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25692",
"datePublished": "2021-04-06T19:21:50.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25690 (GCVE-0-2021-25690)
Vulnerability from nvd – Published: 2021-02-11 15:19 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.
Severity
No CVSS data available.
CWE
- Null Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/74/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX |
Affected:
20.07.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/74/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20.07.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Null Pointer Dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:19:57.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/74/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX",
"version": {
"version_data": [
{
"version_value": "20.07.2 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/74/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/74/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25690",
"datePublished": "2021-02-11T15:19:57.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25689 (GCVE-0-2021-25689)
Vulnerability from nvd – Published: 2021-02-11 15:22 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.
Severity
No CVSS data available.
CWE
- Out-Of-Bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/75/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX |
Affected:
20.10.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/75/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20.10.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-Of-Bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:22:29.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/75/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX",
"version": {
"version_data": [
{
"version_value": "20.10.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-Of-Bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/75/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/75/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25689",
"datePublished": "2021-02-11T15:22:29.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25688 (GCVE-0-2021-25688)
Vulnerability from nvd – Published: 2021-02-11 15:24 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/73/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Standard Agent for Windows - PCoIP Standard Agent for Linux - PCoIP Graphics Agent for Windows - PCoIP Graphics Agent for Linux |
Affected:
Windows prior to 20.10.0, Linux prior to 21.01.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/73/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent for Windows - PCoIP Standard Agent for Linux - PCoIP Graphics Agent for Windows - PCoIP Graphics Agent for Linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Windows prior to 20.10.0, Linux prior to 21.01.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user\u0027s password in the application logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:24:19.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/73/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent for Windows - PCoIP Standard Agent for Linux - PCoIP Graphics Agent for Windows - PCoIP Graphics Agent for Linux",
"version": {
"version_data": [
{
"version_value": "Windows prior to 20.10.0, Linux prior to 21.01.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user\u0027s password in the application logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/73/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/73/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25688",
"datePublished": "2021-02-11T15:24:19.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13186 (GCVE-0-2020-13186)
Vulnerability from nvd – Published: 2021-02-11 15:14 – Updated: 2024-08-04 12:11
VLAI
EPSS
VEX
Summary
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/70/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - Cloud Access Connector - Cloud Access Connector Legacy |
Affected:
v31 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/70/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- Cloud Access Connector - Cloud Access Connector Legacy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v31 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:14:48.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/70/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
"version": {
"version_data": [
{
"version_value": "v31 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/70/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/70/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13186",
"datePublished": "2021-02-11T15:14:48.000Z",
"dateReserved": "2020-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:11:19.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13185 (GCVE-0-2020-13185)
Vulnerability from nvd – Published: 2021-02-11 15:10 – Updated: 2024-08-04 12:11
VLAI
EPSS
VEX
Summary
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
Severity
No CVSS data available.
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/69/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - Cloud Access Connector - Cloud Access Connector Legacy |
Affected:
v18 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/69/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- Cloud Access Connector - Cloud Access Connector Legacy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:10:16.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/69/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
"version": {
"version_data": [
{
"version_value": "v18 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/69/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/69/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13185",
"datePublished": "2021-02-11T15:10:16.000Z",
"dateReserved": "2020-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:11:19.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13183 (GCVE-0-2020-13183)
Vulnerability from nvd – Published: 2020-08-17 20:31 – Updated: 2024-08-04 12:11
VLAI
EPSS
VEX
Summary
Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload.
Severity
No CVSS data available.
CWE
- Reflected Cross Site Scripting
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/63/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Teradici PCoIP Management Console |
Affected:
Before 20.07
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/63/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Teradici PCoIP Management Console",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Before 20.07"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user\u0027s active session if the user is exposed to a malicious payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T20:31:06.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/63/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Teradici PCoIP Management Console",
"version": {
"version_data": [
{
"version_value": "Before 20.07"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user\u0027s active session if the user is exposed to a malicious payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/63/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/63/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13183",
"datePublished": "2020-08-17T20:31:06.000Z",
"dateReserved": "2020-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:11:19.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20121 (GCVE-0-2017-20121)
Vulnerability from cvelistv5 – Published: 2022-06-30 05:05 – Updated: 2025-04-15 14:08
VLAI
EPSS
VEX
Title
Teradici Management Console Database Management privileges management
Summary
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Feb/62 | x_refsource_MISC |
| https://vuldb.com/?id.97279 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Teradici | Management Console |
Affected:
2.2.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:25.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.97279"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:55:31.406855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:08:51.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Management Console",
"vendor": "Teradici",
"versions": [
{
"status": "affected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ERRor"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T05:05:20.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Feb/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.97279"
}
],
"title": "Teradici Management Console Database Management privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20121",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Teradici Management Console Database Management privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Management Console",
"version": {
"version_data": [
{
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "Teradici"
}
]
}
},
"credit": "ERRor",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Feb/62",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/62"
},
{
"name": "https://vuldb.com/?id.97279",
"refsource": "MISC",
"url": "https://vuldb.com/?id.97279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20121",
"datePublished": "2022-06-30T05:05:20.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:08:51.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25701 (GCVE-0-2021-25701)
Vulnerability from cvelistv5 – Published: 2021-07-21 12:37 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption (CWE-400)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/103/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Software Client |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/103/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Software Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption (CWE-400)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:37:39.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/103/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Software Client",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/103/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/103/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25701",
"datePublished": "2021-07-21T12:37:39.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25695 (GCVE-0-2021-25695)
Vulnerability from cvelistv5 – Published: 2021-07-21 12:33 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver.
Severity
No CVSS data available.
CWE
- CWE-782 - Exposed IOCTL with Insufficient Access Control (CWE-782)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/100/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Agent for Windows |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/100/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Agent for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "Exposed IOCTL with Insufficient Access Control (CWE-782)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:33:10.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/100/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Agent for Windows",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposed IOCTL with Insufficient Access Control (CWE-782)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/100/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/100/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25695",
"datePublished": "2021-07-21T12:33:10.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25698 (GCVE-0-2021-25698)
Vulnerability from cvelistv5 – Published: 2021-07-21 12:26 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory.
Severity
No CVSS data available.
CWE
- CWE-426 - Untrusted Search Path (CWE-426)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/102/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:26:55.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/102/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/102/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25698",
"datePublished": "2021-07-21T12:26:55.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25699 (GCVE-0-2021-25699)
Vulnerability from cvelistv5 – Published: 2021-07-21 12:26 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory.
Severity
No CVSS data available.
CWE
- CWE-426 - Untrusted Search Path (CWE-426)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/102/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client |
Affected:
21.07.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "21.07.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path (CWE-426)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T12:26:47.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/102/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent - PCoIP Graphics Agent - PCoIP Software Client",
"version": {
"version_data": [
{
"version_value": "21.07.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path (CWE-426)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/102/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/102/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25699",
"datePublished": "2021-07-21T12:26:47.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35451 (GCVE-0-2021-35451)
Vulnerability from cvelistv5 – Published: 2021-07-07 13:30 – Updated: 2026-07-09 00:14
VLAI
EPSS
VEX
Summary
In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-07-09T00:14:05.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T23:50:42.858Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://teradici.com",
"refsource": "MISC",
"url": "http://teradici.com"
},
{
"name": "https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4",
"refsource": "MISC",
"url": "https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35451",
"datePublished": "2021-07-07T13:30:23.000Z",
"dateReserved": "2021-06-23T00:00:00.000Z",
"dateUpdated": "2026-07-09T00:14:05.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-25693 (GCVE-0-2021-25693)
Vulnerability from cvelistv5 – Published: 2021-05-13 13:20 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/79/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/79/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:20:52.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/79/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/79/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/79/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25693",
"datePublished": "2021-05-13T13:20:52.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25694 (GCVE-0-2021-25694)
Vulnerability from cvelistv5 – Published: 2021-05-13 12:49 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/80/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/80/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T12:49:17.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/80/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/80/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/80/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25694",
"datePublished": "2021-05-13T12:49:17.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25692 (GCVE-0-2021-25692)
Vulnerability from cvelistv5 – Published: 2021-04-06 19:21 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/77/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Teradici PCoIP Connection Manager and Security Gateway |
Affected:
prior to version 21.01.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/77/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Teradici PCoIP Connection Manager and Security Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to version 21.01.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sensitive smart card data is logged in default INFO logs by Teradici\u0027s PCoIP Connection Manager and Security Gateway prior to version 21.01.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T19:21:50.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/77/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Teradici PCoIP Connection Manager and Security Gateway",
"version": {
"version_data": [
{
"version_value": "prior to version 21.01.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive smart card data is logged in default INFO logs by Teradici\u0027s PCoIP Connection Manager and Security Gateway prior to version 21.01.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/77/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/77/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25692",
"datePublished": "2021-04-06T19:21:50.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25688 (GCVE-0-2021-25688)
Vulnerability from cvelistv5 – Published: 2021-02-11 15:24 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/73/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Standard Agent for Windows - PCoIP Standard Agent for Linux - PCoIP Graphics Agent for Windows - PCoIP Graphics Agent for Linux |
Affected:
Windows prior to 20.10.0, Linux prior to 21.01.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/73/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Standard Agent for Windows - PCoIP Standard Agent for Linux - PCoIP Graphics Agent for Windows - PCoIP Graphics Agent for Linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Windows prior to 20.10.0, Linux prior to 21.01.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user\u0027s password in the application logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:24:19.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/73/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Standard Agent for Windows - PCoIP Standard Agent for Linux - PCoIP Graphics Agent for Windows - PCoIP Graphics Agent for Linux",
"version": {
"version_data": [
{
"version_value": "Windows prior to 20.10.0, Linux prior to 21.01.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user\u0027s password in the application logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/73/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/73/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25688",
"datePublished": "2021-02-11T15:24:19.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25689 (GCVE-0-2021-25689)
Vulnerability from cvelistv5 – Published: 2021-02-11 15:22 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.
Severity
No CVSS data available.
CWE
- Out-Of-Bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/75/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX |
Affected:
20.10.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/75/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20.10.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-Of-Bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:22:29.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/75/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX",
"version": {
"version_data": [
{
"version_value": "20.10.0 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-Of-Bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/75/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/75/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25689",
"datePublished": "2021-02-11T15:22:29.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25690 (GCVE-0-2021-25690)
Vulnerability from cvelistv5 – Published: 2021-02-11 15:19 – Updated: 2024-08-03 20:11
VLAI
EPSS
VEX
Summary
A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.
Severity
No CVSS data available.
CWE
- Null Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/74/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX |
Affected:
20.07.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/74/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "20.07.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Null Pointer Dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:19:57.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/74/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2021-25690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- PCoIP Soft Client for Windows - PCoIP Soft Client for Linux - PCoIP Soft Client for OSX",
"version": {
"version_data": [
{
"version_value": "20.07.2 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/74/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/74/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2021-25690",
"datePublished": "2021-02-11T15:19:57.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:28.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13186 (GCVE-0-2020-13186)
Vulnerability from cvelistv5 – Published: 2021-02-11 15:14 – Updated: 2024-08-04 12:11
VLAI
EPSS
VEX
Summary
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/70/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - Cloud Access Connector - Cloud Access Connector Legacy |
Affected:
v31 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/70/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- Cloud Access Connector - Cloud Access Connector Legacy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v31 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:14:48.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/70/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
"version": {
"version_data": [
{
"version_value": "v31 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/70/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/70/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13186",
"datePublished": "2021-02-11T15:14:48.000Z",
"dateReserved": "2020-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:11:19.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13185 (GCVE-0-2020-13185)
Vulnerability from cvelistv5 – Published: 2021-02-11 15:10 – Updated: 2024-08-04 12:11
VLAI
EPSS
VEX
Summary
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
Severity
No CVSS data available.
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://advisory.teradici.com/security-advisories/69/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | - Cloud Access Connector - Cloud Access Connector Legacy |
Affected:
v18 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/69/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- Cloud Access Connector - Cloud Access Connector Legacy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T15:10:16.000Z",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/69/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
"version": {
"version_data": [
{
"version_value": "v18 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/69/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/69/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13185",
"datePublished": "2021-02-11T15:10:16.000Z",
"dateReserved": "2020-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:11:19.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}