Nov 23, 2022 - 12:15 a.m.

CVE-2022-40870

2022-11-23 00:15:11
CWE-116
mitre
web.nvd.nist.gov
Tags: cve-2022-40870, parallels, remote application server, v18.0, host header injection, vulnerability, nvd

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.004
Percentile: 72.4%

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.

Affected configurations

Nvd
Node: parallels remote_application_server, Match: 18.0

Vendor: parallels
Product: remote_application_server
Version: 18.0
CPE: cpe:2.3:a:parallels:remote_application_server:18.0:*:*:*:*:*:*:*
