ID

VAR-202211-1454


CVE

CVE-2022-40870


TITLE

Encoding and escaping vulnerabilities in Parallels Remote Application Server

Trust: 0.8

sources: JVNDB: JVNDB-2022-021509

DESCRIPTION

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header. Parallels Remote Application Server contains an encoding and escaping vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2022-40870 // JVNDB: JVNDB-2022-021509

AFFECTED PRODUCTS

vendor: parallels
model: remote application server
scope: eq
version: 18.0

Trust: 1.8

vendor: parallels
model: remote application server
scope: -
version: -

Trust: 0.8

vendor: parallels
model: remote application server
scope: eq
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-021509 // NVD: CVE-2022-40870

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-40870
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202211-3340
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-40870
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-021509 // NVD: CVE-2022-40870 // CNNVD: CNNVD-202211-3340

PROBLEMTYPE DATA

problemtype: CWE-116

Trust: 1.0

problemtype: Improper encoding or output escaping (CWE-116) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-021509 // NVD: CVE-2022-40870

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3340

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-3340

CONFIGURATIONS

sources: NVD: CVE-2022-40870

PATCH

title: Parallels Remote Application Server Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=215491

Trust: 0.6

sources: CNNVD: CNNVD-202211-3340

EXTERNAL IDS

db: NVD, id: CVE-2022-40870

Trust: 3.2

db: JVNDB, id: JVNDB-2022-021509

Trust: 0.8

db: CNNVD, id: CNNVD-202211-3340

Trust: 0.6

sources: JVNDB: JVNDB-2022-021509 // NVD: CVE-2022-40870 // CNNVD: CNNVD-202211-3340

REFERENCES

url:https://github.com/ithacalabs/parallels/blob/main/parallelsremoteapplicationserver/hhi_cve-2022-40870.txt

Trust: 2.4

url:https://github.com/ithacalabs/parallels/tree/main/parallelsremoteapplicationserver

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-40870

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-40870/

Trust: 0.6

sources: JVNDB: JVNDB-2022-021509 // NVD: CVE-2022-40870 // CNNVD: CNNVD-202211-3340

SOURCES

db: JVNDB, id: JVNDB-2022-021509
db: NVD, id: CVE-2022-40870
db: CNNVD, id: CNNVD-202211-3340

LAST UPDATE DATE

2023-12-18T13:31:53.573000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-021509, date: 2023-11-10T08:18:00
db: NVD, id: CVE-2022-40870, date: 2022-11-26T03:33:14.027
db: CNNVD, id: CNNVD-202211-3340, date: 2022-11-28T00:00:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-021509, date: 2023-11-10T00:00:00
db: NVD, id: CVE-2022-40870, date: 2022-11-23T00:15:11.063
db: CNNVD, id: CNNVD-202211-3340, date: 2022-11-23T00:00:00