Vulnerabilities > Parallels > Remote Application Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-40870 | Improper Encoding or Escaping of Output vulnerability in Parallels Remote Application Server 18.0 The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. | 8.1 |
| 2021-12-17 | CVE-2020-8968 | Unspecified vulnerability in Parallels Remote Application Server 15.5/17.0 Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. | 7.1 |
| 2018-02-28 | CVE-2017-9447 | Path Traversal vulnerability in Parallels Remote Application Server 15.5 In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. | 7.5 |