Search criteria

12 vulnerabilities found for cloud_access_connector by teradici

FKIE_CVE-2020-13186

Vulnerability from fkie_nvd - Published: 2021-02-11 18:15 - Updated: 2024-11-21 05:00
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.
References
security@teradici.comhttps://advisory.teradici.com/security-advisories/70/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://advisory.teradici.com/security-advisories/70/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
teradici cloud_access_connector *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4819D6-00E0-41EF-9CDF-EBC2745694A3",
              "versionEndIncluding": "31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 que faltaba un mecanismo Anti CSRF en Teradici Cloud Access Connector versi\u00f3n v31 y anterior, en un formulario web espec\u00edfico, lo que permiti\u00f3 a un atacante con conocimiento tanto del machineID como de la GUID del usuario modificar los datos si un usuario hac\u00eda clic en un enlace malicioso"
    }
  ],
  "id": "CVE-2020-13186",
  "lastModified": "2024-11-21T05:00:49.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-11T18:15:14.127",
  "references": [
    {
      "source": "security@teradici.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://advisory.teradici.com/security-advisories/70/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://advisory.teradici.com/security-advisories/70/"
    }
  ],
  "sourceIdentifier": "security@teradici.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "security@teradici.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-13185

Vulnerability from fkie_nvd - Published: 2021-02-11 18:15 - Updated: 2024-11-21 05:00
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
References
security@teradici.comhttps://advisory.teradici.com/security-advisories/69/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://advisory.teradici.com/security-advisories/69/Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
teradici cloud_access_connector *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E827E00-C86C-4FE8-9675-54AF19F46D0A",
              "versionEndExcluding": "18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
    },
    {
      "lang": "es",
      "value": "Determinadas p\u00e1ginas de aplicaciones web en la secci\u00f3n autenticada de Teradici Cloud Access Connector anterior a versi\u00f3n v18 eran accesibles sin la necesidad de especificar tokens de autenticaci\u00f3n, lo que permit\u00eda a un atacante ejecutar funciones sensibles sin credenciales"
    }
  ],
  "id": "CVE-2020-13185",
  "lastModified": "2024-11-21T05:00:49.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-11T18:15:14.020",
  "references": [
    {
      "source": "security@teradici.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://advisory.teradici.com/security-advisories/69/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://advisory.teradici.com/security-advisories/69/"
    }
  ],
  "sourceIdentifier": "security@teradici.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-288"
        }
      ],
      "source": "security@teradici.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-13176

Vulnerability from fkie_nvd - Published: 2020-08-11 18:15 - Updated: 2024-11-21 05:00
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.
References
security@teradici.comhttps://advisory.teradici.com/security-advisories/59/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://advisory.teradici.com/security-advisories/59/Vendor Advisory
Impacted products
Vendor Product Version
teradici cloud_access_connector *
teradici cloud_access_connector_legacy *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45CE67C9-CBA1-4D2E-86B5-A8FAECD7660F",
              "versionEndIncluding": "16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:teradici:cloud_access_connector_legacy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CA198C-E7E8-4485-A137-C02404C99685",
              "versionEndExcluding": "2020-04-24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application."
    },
    {
      "lang": "es",
      "value": "La interfaz de administraci\u00f3n de Teradici Cloud Access Connector y Cloud Access Connector Legacy para versiones anteriores al 24 de abril de 2020 (versi\u00f3n v16 y anteriores para Cloud Access Connector), contiene una vulnerabilidad de tipo cross-site scripting (XSS) almacenado que permite a un atacante remoto no autenticado envenenar archivos de registro con JavaScript malicioso por medio de la p\u00e1gina de inicio de sesi\u00f3n que es ejecutada cuando un administrador visualiza los registros dentro de la aplicaci\u00f3n"
    }
  ],
  "id": "CVE-2020-13176",
  "lastModified": "2024-11-21T05:00:48.497",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-11T18:15:12.597",
  "references": [
    {
      "source": "security@teradici.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.teradici.com/security-advisories/59/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.teradici.com/security-advisories/59/"
    }
  ],
  "sourceIdentifier": "security@teradici.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@teradici.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-13175

Vulnerability from fkie_nvd - Published: 2020-08-11 18:15 - Updated: 2024-11-21 05:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.
References
security@teradici.comhttps://advisory.teradici.com/security-advisories/59/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://advisory.teradici.com/security-advisories/59/Vendor Advisory
Impacted products
Vendor Product Version
teradici cloud_access_connector *
teradici cloud_access_connector_legacy *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DDC4DD6-123E-47DC-8B79-BC46AA75EE99",
              "versionEndIncluding": "15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:teradici:cloud_access_connector_legacy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F13A060-A77C-4466-8ABE-3E6C38CDB683",
              "versionEndExcluding": "2020-04-20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
    },
    {
      "lang": "es",
      "value": "La interfaz de administraci\u00f3n de Teradici Cloud Access Connector y Cloud Access Connector Legacy para versiones anteriores al 20 de abril de 2020 (versi\u00f3n v15 y anteriores para Cloud Access Connector), contiene una vulnerabilidad de inclusi\u00f3n de archivos locales que permite a un atacante remoto no autenticado filtrar credenciales de LDAP por medio de un petici\u00f3n HTTP dise\u00f1ada"
    }
  ],
  "id": "CVE-2020-13175",
  "lastModified": "2024-11-21T05:00:48.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-11T18:15:12.520",
  "references": [
    {
      "source": "security@teradici.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.teradici.com/security-advisories/59/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.teradici.com/security-advisories/59/"
    }
  ],
  "sourceIdentifier": "security@teradici.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-98"
        }
      ],
      "source": "security@teradici.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-829"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-13186 (GCVE-0-2020-13186)

Vulnerability from cvelistv5 – Published: 2021-02-11 15:14 – Updated: 2024-08-04 12:11
VLAI?
Summary
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.
Severity ?
No CVSS data available.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
Vendor Product Version
n/a - Cloud Access Connector - Cloud Access Connector Legacy Affected: v31 and earlier
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisory.teradici.com/security-advisories/70/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v31 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-11T15:14:48",
        "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "shortName": "Teradici"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisory.teradici.com/security-advisories/70/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@teradici.com",
          "ID": "CVE-2020-13186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v31 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisory.teradici.com/security-advisories/70/",
              "refsource": "MISC",
              "url": "https://advisory.teradici.com/security-advisories/70/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
    "assignerShortName": "Teradici",
    "cveId": "CVE-2020-13186",
    "datePublished": "2021-02-11T15:14:48",
    "dateReserved": "2020-05-19T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13185 (GCVE-0-2020-13185)

Vulnerability from cvelistv5 – Published: 2021-02-11 15:10 – Updated: 2024-08-04 12:11
VLAI?
Summary
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
Severity ?
No CVSS data available.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
n/a - Cloud Access Connector - Cloud Access Connector Legacy Affected: v18 and earlier
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisory.teradici.com/security-advisories/69/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v18 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-11T15:10:16",
        "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "shortName": "Teradici"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisory.teradici.com/security-advisories/69/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@teradici.com",
          "ID": "CVE-2020-13185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v18 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisory.teradici.com/security-advisories/69/",
              "refsource": "MISC",
              "url": "https://advisory.teradici.com/security-advisories/69/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
    "assignerShortName": "Teradici",
    "cveId": "CVE-2020-13185",
    "datePublished": "2021-02-11T15:10:16",
    "dateReserved": "2020-05-19T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13176 (GCVE-0-2020-13176)

Vulnerability from cvelistv5 – Published: 2020-08-11 17:40 – Updated: 2024-08-04 12:11
VLAI?
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-Site Scripting (XSS) (CWE-79)
Assigner
References
Impacted products
Vendor Product Version
n/a - Cloud Access Connector - Cloud Access Connector Legacy Affected: Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.402Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisory.teradici.com/security-advisories/59/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-Site Scripting (XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-11T17:40:55",
        "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "shortName": "Teradici"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisory.teradici.com/security-advisories/59/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@teradici.com",
          "ID": "CVE-2020-13176",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting (XSS) (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisory.teradici.com/security-advisories/59/",
              "refsource": "MISC",
              "url": "https://advisory.teradici.com/security-advisories/59/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
    "assignerShortName": "Teradici",
    "cveId": "CVE-2020-13176",
    "datePublished": "2020-08-11T17:40:55",
    "dateReserved": "2020-05-19T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13175 (GCVE-0-2020-13175)

Vulnerability from cvelistv5 – Published: 2020-08-11 17:40 – Updated: 2024-08-04 12:11
VLAI?
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.
Severity ?
No CVSS data available.
CWE
  • CWE-98 - Local File Inclusion (CWE-98)
Assigner
References
Impacted products
Vendor Product Version
n/a - Cloud Access Connector - Cloud Access Connector Legacy Affected: Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisory.teradici.com/security-advisories/59/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-98",
              "description": "Local File Inclusion (CWE-98)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-11T17:40:37",
        "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "shortName": "Teradici"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisory.teradici.com/security-advisories/59/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@teradici.com",
          "ID": "CVE-2020-13175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Local File Inclusion (CWE-98)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisory.teradici.com/security-advisories/59/",
              "refsource": "MISC",
              "url": "https://advisory.teradici.com/security-advisories/59/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
    "assignerShortName": "Teradici",
    "cveId": "CVE-2020-13175",
    "datePublished": "2020-08-11T17:40:37",
    "dateReserved": "2020-05-19T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13186 (GCVE-0-2020-13186)

Vulnerability from nvd – Published: 2021-02-11 15:14 – Updated: 2024-08-04 12:11
VLAI?
Summary
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.
Severity ?
No CVSS data available.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
Vendor Product Version
n/a - Cloud Access Connector - Cloud Access Connector Legacy Affected: v31 and earlier
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisory.teradici.com/security-advisories/70/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v31 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-11T15:14:48",
        "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "shortName": "Teradici"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisory.teradici.com/security-advisories/70/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@teradici.com",
          "ID": "CVE-2020-13186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v31 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisory.teradici.com/security-advisories/70/",
              "refsource": "MISC",
              "url": "https://advisory.teradici.com/security-advisories/70/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
    "assignerShortName": "Teradici",
    "cveId": "CVE-2020-13186",
    "datePublished": "2021-02-11T15:14:48",
    "dateReserved": "2020-05-19T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13185 (GCVE-0-2020-13185)

Vulnerability from nvd – Published: 2021-02-11 15:10 – Updated: 2024-08-04 12:11
VLAI?
Summary
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
Severity ?
No CVSS data available.
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
n/a - Cloud Access Connector - Cloud Access Connector Legacy Affected: v18 and earlier
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisory.teradici.com/security-advisories/69/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "v18 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-11T15:10:16",
        "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "shortName": "Teradici"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisory.teradici.com/security-advisories/69/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@teradici.com",
          "ID": "CVE-2020-13185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v18 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisory.teradici.com/security-advisories/69/",
              "refsource": "MISC",
              "url": "https://advisory.teradici.com/security-advisories/69/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
    "assignerShortName": "Teradici",
    "cveId": "CVE-2020-13185",
    "datePublished": "2021-02-11T15:10:16",
    "dateReserved": "2020-05-19T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13176 (GCVE-0-2020-13176)

Vulnerability from nvd – Published: 2020-08-11 17:40 – Updated: 2024-08-04 12:11
VLAI?
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.
Severity ?
No CVSS data available.
CWE
  • CWE-79 - Cross-Site Scripting (XSS) (CWE-79)
Assigner
References
Impacted products
Vendor Product Version
n/a - Cloud Access Connector - Cloud Access Connector Legacy Affected: Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.402Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisory.teradici.com/security-advisories/59/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-Site Scripting (XSS) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-11T17:40:55",
        "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "shortName": "Teradici"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisory.teradici.com/security-advisories/59/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@teradici.com",
          "ID": "CVE-2020-13176",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cloud Access Connector Legacy prior to April 24, 2020, Cloud Access Connector, v16 and earlier)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting (XSS) (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisory.teradici.com/security-advisories/59/",
              "refsource": "MISC",
              "url": "https://advisory.teradici.com/security-advisories/59/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
    "assignerShortName": "Teradici",
    "cveId": "CVE-2020-13176",
    "datePublished": "2020-08-11T17:40:55",
    "dateReserved": "2020-05-19T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13175 (GCVE-0-2020-13175)

Vulnerability from nvd – Published: 2020-08-11 17:40 – Updated: 2024-08-04 12:11
VLAI?
Summary
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.
Severity ?
No CVSS data available.
CWE
  • CWE-98 - Local File Inclusion (CWE-98)
Assigner
References
Impacted products
Vendor Product Version
n/a - Cloud Access Connector - Cloud Access Connector Legacy Affected: Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisory.teradici.com/security-advisories/59/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "- Cloud Access Connector - Cloud Access Connector Legacy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-98",
              "description": "Local File Inclusion (CWE-98)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-11T17:40:37",
        "orgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
        "shortName": "Teradici"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisory.teradici.com/security-advisories/59/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@teradici.com",
          "ID": "CVE-2020-13175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "- Cloud Access Connector - Cloud Access Connector Legacy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cloud Access Connector Legacy prior to April 20, 2020, Cloud Access Connector v15 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Local File Inclusion (CWE-98)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisory.teradici.com/security-advisories/59/",
              "refsource": "MISC",
              "url": "https://advisory.teradici.com/security-advisories/59/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ba3c294d-a544-4fff-ad44-2de7c7bbb6be",
    "assignerShortName": "Teradici",
    "cveId": "CVE-2020-13175",
    "datePublished": "2020-08-11T17:40:37",
    "dateReserved": "2020-05-19T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}