Vulnerability Details : CVE-2020-8968
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
Published
2021-12-17 17:15:11
Updated
2023-11-20 10:15:21
Products affected by CVE-2020-8968
- Parallels » Remote Application ServerVersions from including (>=) 15.5 and up to, including, (<=) 17.0cpe:2.3:a:parallels:remote_application_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8968
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8968
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
1.8
|
5.2
|
Spanish National Cybersecurity Institute, S.A. (INCIBE) | |
8.0
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
2.5
|
5.5
|
Spanish National Cybersecurity Institute, S.A. (INCIBE) | |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
1.8
|
5.2
|
NIST |
CWE ids for CVE-2020-8968
-
Assigned by: cve-coordination@incibe.es (Secondary)
References for CVE-2020-8968
-
https://www.incibe-cert.es/en/early-warning/security-advisories/parallels-remote-application-server-credentials-management-errors
Parallels Remote Application Server credentials management errors | INCIBE-CERTThird Party Advisory
-
https://www.incibe.es/en/incibe-cert/notices/aviso/parallels-remote-application-server-credentials-management-errors
Parallels Remote Application Server credentials management errors | INCIBE-CERT | INCIBE
Jump to