First published: Tue Aug 11 2020(Updated: )
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page which is executed when an administrator views the logs within the application.
Credit: security@teradici.com
Affected Software | Affected Version | How to fix |
---|---|---|
Teradici Cloud Access Connector | <=16 | |
Teradici Cloud Access Connector Legacy | <2020-04-24 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability is identified by CVE-2020-13176.
The severity of CVE-2020-13176 is medium with a CVSS score of 6.1.
The affected software for CVE-2020-13176 includes Teradici Cloud Access Connector and Teradici Cloud Access Connector Legacy versions up to April 24, 2020 (v16 and earlier).
The CWE category for CVE-2020-13176 is CWE-79 (Cross-Site Scripting).
To fix the vulnerability in Teradici Cloud Access Connector and Teradici Cloud Access Connector Legacy, update to a version later than April 24, 2020 (v16 and later).