Parallels Remote Application Server — known CVE vulnerabilities
Every CVE whose affected-product data names Parallels Remote Application Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-45894 — CVSS 10.0 (critical): The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a…
CVE-2020-15860 — CVSS 9.9 (critical): Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user…
CVE-2022-40870 — CVSS 8.1 (high): The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows…
CVE-2025-0413 — CVSS 7.8 (high): Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local…
CVE-2017-9447 — CVSS 7.5 (high): In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of…
CVE-2020-8968 — CVSS 7.1 (high): Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a…
CVE-2020-35710 — CVSS 5.3 (medium): Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login…