CVE-2020-13185

EPSS 0.23%
Veröffentlicht 11.02.2021 18:15:14
Zuletzt bearbeitet 21.11.2024 05:00:49
Quelle security@teradici.com
CVE-Watchlists
Login
Unerledigt
Login

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teradici ≫ Cloud Access Connector Version < 18

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.458

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://advisory.teradici.com/security-advisories/69/

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-13185

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13185

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13185

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-13185