CVE-2022-40870
First published: Wed Nov 23 2022(Updated: )
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Parallels Remote Application Server | =18.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-40870?
CVE-2022-40870 is a vulnerability in the Web Client of Parallels Remote Application Server v18.0 that allows attackers to execute arbitrary commands through a crafted payload injected into the Host header.
How severe is CVE-2022-40870?
CVE-2022-40870 has a severity rating of 8.1 out of 10, indicating a high severity.
How does CVE-2022-40870 affect Parallels Remote Application Server?
CVE-2022-40870 affects Parallels Remote Application Server v18.0.
What is Host Header Injection?
Host Header Injection is a vulnerability where an attacker can manipulate the Host header to inject a crafted payload.
Is there a fix available for CVE-2022-40870?
It is recommended to update to a patched version provided by Parallels Remote Application Server to fix CVE-2022-40870.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/parallels
- canonical/parallels remote application server
- version/parallels remote application server/18.0