Parallels Remote Application Server
By the Year
In 2024 there have been 0 vulnerabilities in Parallels Remote Application Server . Last year Remote Application Server had 1 security vulnerability published. Right now, Remote Application Server is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 10.00 |
| 2022 | 1 | 8.10 |
| 2021 | 1 | 7.10 |
| 2020 | 1 | 9.90 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Remote Application Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Parallels Remote Application Server Security Vulnerabilities
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which
CVE-2023-45894
10 - Critical
- December 14, 2023
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques.
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks
CVE-2022-40870
8.1 - High
- November 23, 2022
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.
Output Sanitization
Parallels Remote Application Server (RAS)
CVE-2020-8968
7.1 - High
- December 17, 2021
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution
CVE-2020-15860
9.9 - Critical
- July 24, 2020
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Parallels Remote Application Server or by Parallels? Click the Watch button to subscribe.
