Parallels Remote Application Server (RAS) 18.0
cpe:2.3:a:parallels:remote_application_server:18.0:*:*:*:*:*:*:*
part: a version: 18.0 update: *
| Vendor | Parallels (f7bc486c-fad7-5571-9bc2-c91e15af2082) |
|---|---|
| Product | Remote Application Server (be008a13-0cbd-5058-97f2-f9ad1893639d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2022-40870 | vulnerable | 2026-06-03 14:48:03.661219 | The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header. Published: 2022-11-22T00:00:00.000Z. Updated: 2025-04-29T15:12:28.507Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-35710 | vulnerable | 2026-06-03 14:42:32.220720 | Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data. Published: 2020-12-25T18:58:04.000Z. Updated: 2024-08-04T17:09:15.165Z | Imported from gcve-enriched-dumps CVE data |