CVE-2020-13179

EPSS 0.06%
Veröffentlicht 11.08.2020 19:15:17
Zuletzt bearbeitet 21.11.2024 05:00:48
Quelle security@teradici.com
CVE-Watchlists
Login
Unerledigt
Login

Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teradici ≫ Graphics Agent SwPlatformwindows Version < 20.04.1

Teradici ≫ Pcoip Standard Agent SwPlatformwindows Version < 20.04.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.156

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

https://advisory.teradici.com/security-advisories/60/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-13179

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13179

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13179

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-13179