Sign-up

ID

VAR-202112-1785


CVE

CVE-2020-8968


TITLE

Parallels Remote Application Server  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-016880

DESCRIPTION

Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password

Trust: 1.62

sources: NVD: CVE-2020-8968 // JVNDB: JVNDB-2021-016880

AFFECTED PRODUCTS

vendor:parallelsmodel:remote application serverscope:lteversion:17.0

Trust: 1.0

vendor:parallelsmodel:remote application serverscope:gteversion:15.5

Trust: 1.0

vendor:parallelsmodel:remote application serverscope:eqversion: -

Trust: 0.8

vendor:parallelsmodel:remote application serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-016880 // NVD: CVE-2020-8968

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-8968
value: HIGH

Trust: 1.8

cve-coordination@incibe.es: CVE-2020-8968
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202112-1451
value: HIGH

Trust: 0.6

NVD:
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2020-8968
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD:
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 2.0

NVD: CVE-2020-8968
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-016880 // NVD: CVE-2020-8968 // NVD: CVE-2020-8968 // CNNVD: CNNVD-202112-1451

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016880 // NVD: CVE-2020-8968

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-1451

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-1451

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-8968

PATCH
title:Parallels RASurl:https://www.parallels.com/products/ras/remote-application-server/
Trust: 0.8
title:Parallels Remote Application Server Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175841
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-016880 // 
            
            
            
            CNNVD: CNNVD-202112-1451

EXTERNAL IDS
db:NVDid:CVE-2020-8968
Trust: 3.2
db:JVNDBid:JVNDB-2021-016880
Trust: 0.8
db:CNNVDid:CNNVD-202112-1451
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-016880 // 
            
            
            
            NVD: CVE-2020-8968 // 
            
            
            
            CNNVD: CNNVD-202112-1451

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-8968
Trust: 1.4
url:https://www.incibe-cert.es/en/early-warning/security-advisories/parallels-remote-application-server-credentials-management-errors
Trust: 1.4
url:https://www.incibe.es/en/incibe-cert/notices/aviso/parallels-remote-application-server-credentials-management-errors
Trust: 1.0
sources:
            
            
            JVNDB: JVNDB-2021-016880 // 
            
            
            
            NVD: CVE-2020-8968 // 
            
            
            
            CNNVD: CNNVD-202112-1451

SOURCES
db:JVNDBid:JVNDB-2021-016880
db:NVDid:CVE-2020-8968
db:CNNVDid:CNNVD-202112-1451

LAST UPDATE DATE
2023-12-18T13:27:29.768000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2021-016880date:2022-12-26T04:46:00
db:NVDid:CVE-2020-8968date:2023-11-20T10:15:20.693
db:CNNVDid:CNNVD-202112-1451date:2022-09-21T00:00:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2021-016880date:2022-12-26T00:00:00
db:NVDid:CVE-2020-8968date:2021-12-17T17:15:10.663
db:CNNVDid:CNNVD-202112-1451date:2021-12-17T00:00:00