The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.
                
References
| Link | Resource |
|---|---|
| https://github.com/IthacaLabs/Parallels/blob/main/ParallelsRemoteApplicationServer/HHI_CVE-2022-40870.txt | Exploit Third Party Advisory | 
| https://github.com/IthacaLabs/Parallels/tree/main/ParallelsRemoteApplicationServer | Exploit Third Party Advisory | 
Configurations
History
21 Nov 2024, 07:22
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://github.com/IthacaLabs/Parallels/blob/main/ParallelsRemoteApplicationServer/HHI_CVE-2022-40870.txt - Exploit, Third Party Advisory | |
| References | () https://github.com/IthacaLabs/Parallels/tree/main/ParallelsRemoteApplicationServer - Exploit, Third Party Advisory | |
26 Nov 2022, 03:33
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | | |
Information
Published : 2022-11-23 00:15
Updated : 2025-04-29 16:15
NVD link : CVE-2022-40870
Mitre link : CVE-2022-40870
CVE.ORG link : CVE-2022-40870
Products Affected
parallels
- remote_application_server
CWE
CWE-116: Improper Encoding or Escaping of Output
