CVE-2020-8968
published 2021-12-17

CVE-2020-8968: Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored…

Priority P431 | high | 7.1 | CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.27% (18.9th percentile)
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.

Affected

2 ranges
Vendor     Product                              Version range  Fixed in
parallels  parallels_remote_application_server  15.5 – 17
parallels  remote_application_server            15.5 – 17.0

CVSS provenance

nvd  v3.1  7.1  HIGH  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd  v2.0  2.1  LOW   AV:L/AC:L/Au:N/C:P/I:N/A:N