CVE-2020-13176

Name of the Vulnerable Software and Affected Versions Teradici Cloud Access Connector versions prior to 16 Teradici Cloud Access Connector Legacy versions prior to April 24, 2020

Description The Management Interface contains a stored cross-site scripting (XSS) issue, allowing a remote unauthenticated attacker to inject malicious JavaScript into log files via the login page. This malicious code is executed when an administrator views the logs within the application.

Recommendations For Teradici Cloud Access Connector versions prior to 16, update to a version released after April 24, 2020. For Teradici Cloud Access Connector Legacy, consider restricting access to the Management Interface until a fix is applied. As a temporary workaround, consider limiting administrator log viewing to minimize the risk of exploitation.