Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HParallels
APPParallels13
Powiązane podatności
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulne...
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Deskto...
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Deskto...
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Deskto...
RCE w Parallels Remote Application Server przez brak segmentacji aplikacji