CVE-2020-13185

Published: Feb 11, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.

Affected (1)

Products: Teradici: Cloud Access Connector

1 product

Cloud Access Connector

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Teradici Cloud Access Connector	Before 18

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

https://advisory.teradici.com/security-advisories/69/

Source: security@teradici.com

Release NotesVendor Advisory

https://advisory.teradici.com/security-advisories/69/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.