Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-21T16:26:36
Updated: 2024-08-04T09:25:48.212Z
Reserved: 2020-01-16T00:00:00
Link: CVE-2020-7213
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-01-21T17:15:12.800
Modified: 2024-11-21T05:36:50.620
Link: CVE-2020-7213
Redhat
No data.