CVE-2022-40870 - Parallels Remote Application Server
Critical 8.1
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.
Affected software
Parallels Remote Application Server