Vulnerability Details CVE-2020-13186
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 2.6
References
Products affected by CVE-2020-13186
-
cpe:2.3:a:teradici:cloud_access_connector:-
-
cpe:2.3:a:teradici:cloud_access_connector:11
-
cpe:2.3:a:teradici:cloud_access_connector:12
-
cpe:2.3:a:teradici:cloud_access_connector:13
-
cpe:2.3:a:teradici:cloud_access_connector:14
-
cpe:2.3:a:teradici:cloud_access_connector:15
-
cpe:2.3:a:teradici:cloud_access_connector:16
-
cpe:2.3:a:teradici:cloud_access_connector:17
-
cpe:2.3:a:teradici:cloud_access_connector:18
-
cpe:2.3:a:teradici:cloud_access_connector:19
-
cpe:2.3:a:teradici:cloud_access_connector:20
-
cpe:2.3:a:teradici:cloud_access_connector:21
-
cpe:2.3:a:teradici:cloud_access_connector:22
-
cpe:2.3:a:teradici:cloud_access_connector:23
-
cpe:2.3:a:teradici:cloud_access_connector:24
-
cpe:2.3:a:teradici:cloud_access_connector:25
-
cpe:2.3:a:teradici:cloud_access_connector:26
-
cpe:2.3:a:teradici:cloud_access_connector:27
-
cpe:2.3:a:teradici:cloud_access_connector:28
-
cpe:2.3:a:teradici:cloud_access_connector:29
-
cpe:2.3:a:teradici:cloud_access_connector:30
-
cpe:2.3:a:teradici:cloud_access_connector:31