CRITICAL🇵🇱 Wersja polska

CVE-2020-15860

CVSS 9.9v3.1pub. 2020-07-24upd. 2024-11-21

Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Parallels Remote Application Server

    APP
    Parallels
    17.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-45894CRITICAL10.0PL ✓ten sam produkt

RCE w Parallels Remote Application Server przez brak segmentacji aplikacji

CVE-2025-0413HIGH7.8ten sam produkt

Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulne...

CVE-2022-40870HIGH8.1ten sam produkt

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. Th...

CVE-2020-8968HIGH7.1ten sam produkt

Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clea...

CVE-2017-9447HIGH7.5ten sam produkt

In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due...