- Description
- Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure.
- Source
- security@teradici.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teradici:graphics_agent:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "14D4B030-1438-47EC-AA0A-1E74CFFA34E3",
"versionEndExcluding": "20.04.1"
},
{
"criteria": "cpe:2.3:a:teradici:pcoip_standard_agent:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "C746FBCC-92C4-40BA-9C88-0C9FD3494932",
"versionEndExcluding": "20.04.1"
}
],
"operator": "OR"
}
]
}
]