Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-21T16:26:36

Updated: 2024-08-04T09:25:48.212Z

Reserved: 2020-01-16T00:00:00

Link: CVE-2020-7213

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-01-21T17:15:12.800

Modified: 2024-11-21T05:36:50.620

Link: CVE-2020-7213

cve-icon Redhat

No data.