Apache Guacamole is a popular open-source clientless remote desktop gateways solution. Check Point Research found multiple critical reverse RDP vulnerabilities in popular remote desktop application. The reported flaws could potentially let bad actors achieve full control over the server, intercept, and control all other connected sessions. The vulnerabilities in FreeRDP were only patched on version 2.0.0-rc4, this means that all versions that were released before January 2020 are using vulnerable versions of FreeDP.
Source: https://thehackernews.com/2020/07/apache-guacamole-hacking.html