Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-24T16:01:41

Updated: 2024-08-04T13:30:22.762Z

Reserved: 2020-07-20T00:00:00

Link: CVE-2020-15860

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-24T16:15:11.973

Modified: 2024-11-21T05:06:19.637

Link: CVE-2020-15860

cve-icon Redhat

No data.