Vulnerabilites related to teradici - cloud_access_connector_legacy
CVE-2020-13175 (GCVE-0-2020-13175)
Vulnerability from cvelistv5
Published
2020-08-11 17:40
Modified
2024-08-04 12:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-98 - Local File Inclusion ()
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | - Cloud Access Connector - Cloud Access Connector Legacy |
Version: Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- Cloud Access Connector - Cloud Access Connector Legacy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "Local File Inclusion (CWE-98)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T17:40:37",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
"version": {
"version_data": [
{
"version_value": "Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local File Inclusion (CWE-98)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/59/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/59/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13175",
"datePublished": "2020-08-11T17:40:37",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13176 (GCVE-0-2020-13176)
Vulnerability from cvelistv5
Published
2020-08-11 17:40
Modified
2024-08-04 12:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-Site Scripting (XSS) ()
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | - Cloud Access Connector - Cloud Access Connector Legacy |
Version: Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "- Cloud Access Connector - Cloud Access Connector Legacy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-Site Scripting (XSS) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-11T17:40:55",
"orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"shortName": "Teradici"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@teradici.com",
"ID": "CVE-2020-13176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
"version": {
"version_data": [
{
"version_value": "Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisory.teradici.com/security-advisories/59/",
"refsource": "MISC",
"url": "https://advisory.teradici.com/security-advisories/59/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
"assignerShortName": "Teradici",
"cveId": "CVE-2020-13176",
"datePublished": "2020-08-11T17:40:55",
"dateReserved": "2020-05-19T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-08-11 18:15
Modified
2024-11-21 05:00
Severity ?
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teradici | cloud_access_connector | * | |
| teradici | cloud_access_connector_legacy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDC4DD6-123E-47DC-8B79-BC46AA75EE99",
"versionEndIncluding": "15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teradici:cloud_access_connector_legacy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F13A060-A77C-4466-8ABE-3E6C38CDB683",
"versionEndExcluding": "2020-04-20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
},
{
"lang": "es",
"value": "La interfaz de administraci\u00f3n de Teradici Cloud Access Connector y Cloud Access Connector Legacy para versiones anteriores al 20 de abril de 2020 (versi\u00f3n v15 y anteriores para Cloud Access Connector), contiene una vulnerabilidad de inclusi\u00f3n de archivos locales que permite a un atacante remoto no autenticado filtrar credenciales de LDAP por medio de un petici\u00f3n HTTP dise\u00f1ada"
}
],
"id": "CVE-2020-13175",
"lastModified": "2024-11-21T05:00:48.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-11T18:15:12.520",
"references": [
{
"source": "security@teradici.com",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
}
],
"sourceIdentifier": "security@teradici.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-98"
}
],
"source": "security@teradici.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-11 18:15
Modified
2024-11-21 05:00
Severity ?
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teradici | cloud_access_connector | * | |
| teradici | cloud_access_connector_legacy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45CE67C9-CBA1-4D2E-86B5-A8FAECD7660F",
"versionEndIncluding": "16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teradici:cloud_access_connector_legacy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64CA198C-E7E8-4485-A137-C02404C99685",
"versionEndExcluding": "2020-04-24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application."
},
{
"lang": "es",
"value": "La interfaz de administraci\u00f3n de Teradici Cloud Access Connector y Cloud Access Connector Legacy para versiones anteriores al 24 de abril de 2020 (versi\u00f3n v16 y anteriores para Cloud Access Connector), contiene una vulnerabilidad de tipo cross-site scripting (XSS) almacenado que permite a un atacante remoto no autenticado envenenar archivos de registro con JavaScript malicioso por medio de la p\u00e1gina de inicio de sesi\u00f3n que es ejecutada cuando un administrador visualiza los registros dentro de la aplicaci\u00f3n"
}
],
"id": "CVE-2020-13176",
"lastModified": "2024-11-21T05:00:48.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-11T18:15:12.597",
"references": [
{
"source": "security@teradici.com",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://advisory.teradici.com/security-advisories/59/"
}
],
"sourceIdentifier": "security@teradici.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@teradici.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}