CVE-2021-35451 — MEDIUM (6.1)

Vulnerability Description

In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Teradici	Pcoip Management Console	20.07.0

Related Weaknesses (CWE)

CWE-79

References

http://teradici.comVendor Advisory
https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4ExploitThird Party Advisory
http://teradici.comVendor Advisory
https://gist.github.com/rvismit/578f9f98d79f22d81a5e45dbbc0b4fa4ExploitThird Party Advisory

FAQ

What is CVE-2021-35451?

CVE-2021-35451 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.

How severe is CVE-2021-35451?

CVE-2021-35451 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35451?

Check the references section above for vendor advisories and patch information. Affected products include: Teradici Pcoip Management Console.