PT-2022-25595 · Parallels · Parallels Remote Application Server

Published: 2022-11-22 · Updated: 2022-11-26 · CVE-2022-40870

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Parallels Remote Application Server version 18.0

Description: The vulnerability allows an attacker to execute arbitrary commands by sending a crafted payload in the HTTP Host header (a Host Header Injection). Successful exploitation can give the attacker unauthorized access to, and control over, the affected system.

Recommendations: For Parallels Remote Application Server version 18.0, consider restricting access to the Web Client until a patch is available, and avoid exposing the Web Client to untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
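As an added defensive example (not code from the advisory or from Parallels), the following Python shows the kind of strict Host header allowlist check a reverse proxy or WAF in front of the Web Client can apply, plus a scan over constructed access-log lines to surface requests whose Host value would have been rejected. The allowlist names and the log format are assumptions.

```python
import re

# Assumption: the DNS names the Web Client is legitimately reached by.
ALLOWED_HOSTS = {"ras.example.internal", "webclient.example.internal"}

# Strict hostname grammar: DNS labels only, optional trailing dot, optional port.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"^(?P<name>{_LABEL}(?:\.{_LABEL})*)\.?(?::(?P<port>\d{{1,5}}))?$")


def is_allowed_host(host: str) -> bool:
    """Accept a Host value only if it parses as hostname[:port] and the
    hostname (case-insensitive, trailing dot ignored) is on the allowlist.
    Anything else, including shell syntax smuggled into the header, fails."""
    m = _HOST_RE.match(host.strip().lower())
    if not m:
        return False
    port = m.group("port")
    if port is not None and not 1 <= int(port) <= 65535:
        return False
    return m.group("name") in ALLOWED_HOSTS


# Constructed access-log lines in key="value" form; not real Parallels logs.
SAMPLE_LOG = """\
client=10.0.0.5 host="ras.example.internal" path="/"
client=10.0.0.6 host="RAS.EXAMPLE.INTERNAL:443" path="/"
client=198.51.100.7 host="ras.example.internal;INJECTED" path="/"
client=198.51.100.8 host="$(INJECTED)" path="/"
client=198.51.100.9 host="evil.example.net" path="/"
"""

_LOG_RE = re.compile(r'client=(?P<client>\S+) host="(?P<host>[^"]*)"')


def rejected_hosts(log_text: str) -> list[tuple[str, str]]:
    """Return (client, host) pairs whose Host value fails the allowlist check,
    i.e. the requests worth alerting on or blocking at the edge."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_RE.search(line)
        if m and not is_allowed_host(m.group("host")):
            hits.append((m.group("client"), m.group("host")))
    return hits


if __name__ == "__main__":
    for client, host in rejected_hosts(SAMPLE_LOG):
        print(f"rejected Host from {client}: {host!r}")
```

Rejecting at the proxy means the application behind it never sees an unexpected Host value, which removes the injection vector regardless of how the application encodes the header downstream.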

Exploit

Weakness Enumeration: Improper Encoding or Escaping of Output

Related Identifiers: CVE-2022-40870

Affected Products: Parallels Remote Application Server