CVE-2020-8968 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2020-8968?

CVE-2020-8968 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8968?

Check the references section above for vendor advisories and patch information. Affected products include: Parallels Remote Application Server.

Vulnerability Description

Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Parallels	Remote Application Server	>= 15.5, <= 17.0

Related Weaknesses (CWE)

CWE-255

References

FAQ

What is CVE-2020-8968?

CVE-2020-8968 is a vulnerability with a CVSS score of 7.1 (HIGH). Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confide...

How severe is CVE-2020-8968?

CVE-2020-8968 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8968?

Check the references section above for vendor advisories and patch information. Affected products include: Parallels Remote Application Server.