All the vulnerabilites related to Devolutions - Remote Desktop Manager
cve-2024-6055
Vulnerability from cvelistv5
Published
2024-06-17 12:55
Modified
2024-10-30 19:14
Severity ?
EPSS score ?
Summary
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-6055", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-18T14:58:00.585190Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-212", "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-30T19:14:03.801Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:03.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2024-0008" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.1.32.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eImproper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file.\u003cbr\u003e\u003c/div\u003e" } ], "value": "Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file." } ], "providerMetadata": { "dateUpdated": "2024-06-17T12:55:28.759Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0008" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-6055", "datePublished": "2024-06-17T12:55:28.759Z", "dateReserved": "2024-06-17T12:41:04.564Z", "dateUpdated": "2024-10-30T19:14:03.801Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2221
Vulnerability from cvelistv5
Published
2022-06-27 18:38
Modified
2024-08-03 00:32
Severity ?
EPSS score ?
Summary
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
References
▼ | URL | Tags |
---|---|---|
https://devolutions.net/security/advisories/DEVO-2022-0004 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 2022.1.8 < 2022.1.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:08.840Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0004" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThan": "2022.1.8", "status": "affected", "version": "2022.1.8", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-27T18:38:57", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0004" } ], "source": { "advisory": "DEVO-2022-0004", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@devolutions.net", "ID": "CVE-2022-2221", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Remote Desktop Manager", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "2022.1.8", "version_value": "2022.1.8" } ] } } ] }, "vendor_name": "Devolutions" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Information Exposure" } ] } ] }, "references": { "reference_data": [ { "name": "https://devolutions.net/security/advisories/DEVO-2022-0004", "refsource": "MISC", "url": "https://devolutions.net/security/advisories/DEVO-2022-0004" } ] }, "source": { "advisory": "DEVO-2022-0004", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2022-2221", "datePublished": "2022-06-27T18:38:57", "dateReserved": "2022-06-27T00:00:00", "dateUpdated": "2024-08-03T00:32:08.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2403
Vulnerability from cvelistv5
Published
2024-03-13 18:05
Modified
2024-08-01 19:11
Severity ?
EPSS score ?
Summary
Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and
earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-2403", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-13T19:08:59.543907Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:30:52.538Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:11:53.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2024-0004" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.1.12", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eImproper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and\nearlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.\u003c/span\u003e\n\n" } ], "value": "\nImproper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and\nearlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.\n\n" } ], "providerMetadata": { "dateUpdated": "2024-03-13T18:05:18.218Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0004" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-2403", "datePublished": "2024-03-13T18:05:18.218Z", "dateReserved": "2024-03-12T12:35:13.399Z", "dateUpdated": "2024-08-01T19:11:53.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3182
Vulnerability from cvelistv5
Published
2022-09-13 19:27
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions.
References
▼ | URL | Tags |
---|---|---|
https://devolutions.net/security/advisories/DEVO-2022-0007 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: unspecified < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0007" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2022.2.14", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-13T19:27:28", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0007" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@devolutions.net", "ID": "CVE-2022-3182", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Remote Desktop Manager", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2022.2.14" } ] } } ] }, "vendor_name": "Devolutions" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://devolutions.net/security/advisories/DEVO-2022-0007", "refsource": "MISC", "url": "https://devolutions.net/security/advisories/DEVO-2022-0007" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2022-3182", "datePublished": "2022-09-13T19:27:28", "dateReserved": "2022-09-12T00:00:00", "dateUpdated": "2024-08-03T01:00:10.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6354
Vulnerability from cvelistv5
Published
2024-06-26 16:20
Modified
2024-08-01 21:33
Severity ?
EPSS score ?
Summary
Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:devolutions:remote_desktop_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "remote_desktop_manager", "vendor": "devolutions", "versions": [ { "lessThanOrEqual": "2024.2.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6354", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T23:09:12.417026Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1262", "description": "CWE-1262 Improper Access Control for Register Interface", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-26T23:10:37.527Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:33:05.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2024-0010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.2.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eImproper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard. \u003cbr\u003e\u003c/div\u003e" } ], "value": "Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard." } ], "providerMetadata": { "dateUpdated": "2024-06-26T16:20:42.264Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0010" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-6354", "datePublished": "2024-06-26T16:20:42.264Z", "dateReserved": "2024-06-26T16:15:40.371Z", "dateUpdated": "2024-08-01T21:33:05.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1574
Vulnerability from cvelistv5
Published
2023-03-22 12:50
Modified
2024-08-02 05:49
Severity ?
EPSS score ?
Summary
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:49:11.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.1.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eInformation disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e" } ], "value": "Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.\n\n\n\n\n\n\n\n\n\n\n\n" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-02T18:49:20.069507Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0006" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-1574", "datePublished": "2023-03-22T12:50:16.949Z", "dateReserved": "2023-03-22T12:10:40.300Z", "dateUpdated": "2024-08-02T05:49:11.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6492
Vulnerability from cvelistv5
Published
2024-07-16 18:16
Modified
2024-11-05 21:53
Severity ?
EPSS score ?
Summary
Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-6492", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T19:02:25.406311Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T21:53:35.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:41:03.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2024-0012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.2.14.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eExposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e" } ], "value": "Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website." } ], "providerMetadata": { "dateUpdated": "2024-07-16T18:16:36.780Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-6492", "datePublished": "2024-07-16T18:16:36.780Z", "dateReserved": "2024-07-03T19:03:36.493Z", "dateUpdated": "2024-11-05T21:53:35.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1939
Vulnerability from cvelistv5
Published
2023-04-11 17:47
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
No access control for the OTP key
on OTP entries
in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < 2022.3.34.0 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:27.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0009" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThan": "2022.3.34.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Linux" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThan": "2022.3.2.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2023-04-11T14:18:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No access control for the OTP key\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;on OTP entries\u003c/span\u003e\n\n in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface." } ], "value": "No access control for the OTP key\u00a0\n\n\u00a0on OTP entries\n\n in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface." } ], "providerMetadata": { "dateUpdated": "2023-04-11T17:47:49.976Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0009" } ], "source": { "discovery": "UNKNOWN" }, "title": "No access control for the OTP key on OTP entries", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-1939", "datePublished": "2023-04-11T17:47:49.976Z", "dateReserved": "2023-04-07T13:39:45.374Z", "dateUpdated": "2024-08-02T06:05:27.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6288
Vulnerability from cvelistv5
Published
2023-12-06 13:49
Modified
2024-08-02 08:28
Severity ?
EPSS score ?
Summary
Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:20.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0021/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "MacOS" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.3.9.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eCode injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n" } ], "value": "Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable.\n\n\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-12-06T13:49:50.204Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0021/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-6288", "datePublished": "2023-12-06T13:49:50.204Z", "dateReserved": "2023-11-24T14:18:48.424Z", "dateUpdated": "2024-08-02T08:28:20.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3545
Vulnerability from cvelistv5
Published
2024-04-09 19:01
Modified
2024-11-04 16:46
Severity ?
EPSS score ?
Summary
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Devolutions | Server |
Version: 0 < |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-3545", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-10T19:14:58.719678Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T16:46:03.419Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:07.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2024-0006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Server", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.1.8.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.1.20.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eImproper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e" } ], "value": "Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.\n\n" } ], "providerMetadata": { "dateUpdated": "2024-04-09T19:01:43.329Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0006" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-3545", "datePublished": "2024-04-09T19:01:43.329Z", "dateReserved": "2024-04-09T18:43:05.078Z", "dateUpdated": "2024-11-04T16:46:03.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7421
Vulnerability from cvelistv5
Published
2024-09-25 15:12
Modified
2024-09-25 15:36
Severity ?
EPSS score ?
Summary
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-7421", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:35:54.964576Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:36:09.369Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.2.20", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions\u003c/span\u003e" } ], "value": "An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-532", "description": "CWE-532: Information Exposure Through Log Files", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:12:54.854Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0014" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-7421", "datePublished": "2024-09-25T15:12:54.854Z", "dateReserved": "2024-08-02T13:55:12.876Z", "dateUpdated": "2024-09-25T15:36:09.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5766
Vulnerability from cvelistv5
Published
2023-11-01 17:08
Modified
2024-09-06 18:45
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:07:32.717Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0019/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "remote_desktop_manager", "vendor": "devolutions", "versions": [ { "lessThanOrEqual": "2023.2.33", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-5766", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:41:13.770656Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:45:42.992Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.2.33", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eA remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.\u003cbr\u003e\u003c/div\u003e" } ], "value": "\n\nA remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-11-01T17:08:03.162Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0019/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-5766", "datePublished": "2023-11-01T17:08:03.162Z", "dateReserved": "2023-10-25T13:48:08.445Z", "dateUpdated": "2024-09-06T18:45:42.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6593
Vulnerability from cvelistv5
Published
2023-12-12 14:32
Modified
2024-08-28 14:52
Severity ?
EPSS score ?
Summary
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0023/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:devolutions:remote_desktop_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "remote_desktop_manager", "vendor": "devolutions", "versions": [ { "lessThanOrEqual": "2023.3.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-6593", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-28T14:47:53.634630Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T14:52:06.753Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Permission", "SQL Data Source" ], "platforms": [ "iOS" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.3.4.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eClient side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.\u003cbr\u003e\u003c/div\u003e" } ], "value": "\n\nClient side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-12-12T14:32:56.806Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0023/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-6593", "datePublished": "2023-12-12T14:32:56.806Z", "dateReserved": "2023-12-07T19:16:24.562Z", "dateUpdated": "2024-08-28T14:52:06.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3641
Vulnerability from cvelistv5
Published
2022-12-07 14:35
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 2022.3.13 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2022.3.24", "status": "affected", "version": "2022.3.13", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.\u003cbr\u003e" } ], "value": "Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.\n" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-12T01:50:00.293730Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2022-0010" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2022-3641", "datePublished": "2022-12-07T14:35:18.529Z", "dateReserved": "2022-10-21T12:54:14.203Z", "dateUpdated": "2024-08-03T01:14:03.276Z", "requesterUserId": "f8cc67d2-f063-4532-a07d-c228278dd519", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4373
Vulnerability from cvelistv5
Published
2023-08-21 18:36
Modified
2024-10-03 17:54
Severity ?
EPSS score ?
Summary
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:24:04.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0015/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-4373", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T17:52:45.958952Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-03T17:54:55.052Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Remote tools" ], "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.2.19", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nInadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.\n\n" } ], "value": "\nInadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.\n\n" } ], "providerMetadata": { "dateUpdated": "2023-08-21T18:36:23.305Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0015/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-4373", "datePublished": "2023-08-21T18:36:23.305Z", "dateReserved": "2023-08-15T13:24:12.011Z", "dateUpdated": "2024-10-03T17:54:55.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11672
Vulnerability from cvelistv5
Published
2024-11-25 14:46
Modified
2024-11-25 16:47
Severity ?
EPSS score ?
Summary
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-11672", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-25T16:47:32.061532Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-25T16:47:53.171Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.2.21.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eIncorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the \"Add\" permission via the import in vault feature.\u003cbr\u003e\u003c/div\u003e" } ], "value": "Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the \"Add\" permission via the import in vault feature." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-25T14:46:20.186Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0016" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-11672", "datePublished": "2024-11-25T14:46:20.186Z", "dateReserved": "2024-11-25T14:35:25.709Z", "dateUpdated": "2024-11-25T16:47:53.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1342
Vulnerability from cvelistv5
Published
2022-06-15 16:09
Modified
2024-09-17 03:55
Severity ?
EPSS score ?
Summary
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions.
References
▼ | URL | Tags |
---|---|---|
https://devolutions.net/security/advisories/DEVO-2022-0003 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: unspecified < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:05.876Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0003" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2022.1.24", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-549", "description": "CWE-549", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-15T16:09:30", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0003" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@devolutions.net", "DATE_PUBLIC": "2022-04-21T00:00:00", "ID": "CVE-2022-1342", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Remote Desktop Manager", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "2022.1.24" } ] } } ] }, "vendor_name": "Devolutions" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-549" } ] } ] }, "references": { "reference_data": [ { "name": "https://devolutions.net/security/advisories/DEVO-2022-0003", "refsource": "MISC", "url": "https://devolutions.net/security/advisories/DEVO-2022-0003" } ] } } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2022-1342", "datePublished": "2022-06-15T16:09:30.876032Z", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-09-17T03:55:09.040Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11670
Vulnerability from cvelistv5
Published
2024-11-25 14:46
Modified
2024-11-25 15:50
Severity ?
EPSS score ?
Summary
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-11670", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-25T15:47:05.725095Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-25T15:50:11.300Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.2.21.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003e\nIncorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the \"View Password\" permission via specific actions.\n\n\u003cbr\u003e\u003c/div\u003e" } ], "value": "Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the \"View Password\" permission via specific actions." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-25T14:46:58.455Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0015" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-11670", "datePublished": "2024-11-25T14:46:58.455Z", "dateReserved": "2024-11-25T14:14:54.141Z", "dateUpdated": "2024-11-25T15:50:11.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4417
Vulnerability from cvelistv5
Published
2023-08-21 18:38
Modified
2024-10-04 16:50
Severity ?
EPSS score ?
Summary
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:24:05.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0015" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-4417", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T16:50:20.476208Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:50:38.460Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.2.19", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process." } ], "value": "Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process." } ], "providerMetadata": { "dateUpdated": "2023-08-22T16:40:48.922Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0015" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-4417", "datePublished": "2023-08-21T18:38:06.606Z", "dateReserved": "2023-08-18T13:05:41.063Z", "dateUpdated": "2024-10-04T16:50:38.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2282
Vulnerability from cvelistv5
Published
2023-04-25 18:23
Modified
2024-08-02 06:19
Severity ?
EPSS score ?
Summary
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:14.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Web Login Listener" ], "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.1.22", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.\u003cbr\u003e" } ], "value": "Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.\n" } ], "providerMetadata": { "dateUpdated": "2023-04-25T18:23:00.287Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0012" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-2282", "datePublished": "2023-04-25T18:23:00.287Z", "dateReserved": "2023-04-25T15:07:46.309Z", "dateUpdated": "2024-08-02T06:19:14.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12149
Vulnerability from cvelistv5
Published
2024-12-04 17:18
Modified
2024-12-05 18:46
Severity ?
EPSS score ?
Summary
Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "remote_desktop_manager", "vendor": "devolutions", "versions": [ { "lessThanOrEqual": "2024.3.19.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-12149", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T18:45:22.238631Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T18:46:29.926Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.3.19.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eIncorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.\u003cbr\u003e\u003c/div\u003e" } ], "value": "Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-04T17:18:01.565Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0017" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-12149", "datePublished": "2024-12-04T17:18:01.565Z", "dateReserved": "2024-12-04T13:27:48.580Z", "dateUpdated": "2024-12-05T18:46:29.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1980
Vulnerability from cvelistv5
Published
2023-04-11 17:44
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
Two factor
authentication
bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:27.093Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0009" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2022.3.35.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2023-04-11T15:56:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Two factor \n\nauthentication\n\nbypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries." } ], "value": "Two factor \n\nauthentication\n\nbypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries." } ], "providerMetadata": { "dateUpdated": "2023-04-24T13:13:29.808Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0009" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-1980", "datePublished": "2023-04-11T17:44:15.373Z", "dateReserved": "2023-04-11T13:57:51.445Z", "dateUpdated": "2024-08-02T06:05:27.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11671
Vulnerability from cvelistv5
Published
2024-11-25 14:46
Modified
2024-11-25 16:47
Severity ?
EPSS score ?
Summary
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-11671", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-25T16:46:53.183382Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-25T16:47:10.705Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.3.17", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eImproper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. \u003cbr\u003e\u003c/div\u003e" } ], "value": "Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-25T14:46:42.687Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0016" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-11671", "datePublished": "2024-11-25T14:46:42.687Z", "dateReserved": "2024-11-25T14:27:39.742Z", "dateUpdated": "2024-11-25T16:47:10.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3780
Vulnerability from cvelistv5
Published
2022-11-01 18:22
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.
This issue affects :
Remote Desktop Manager 2022.3.7 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:58.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0008" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2022.3.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. \u003cbr\u003e\u003cbr\u003eThis issue affects : \u003cbr\u003eRemote Desktop Manager 2022.3.7 and prior versions.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. \n\nThis issue affects : \nRemote Desktop Manager 2022.3.7 and prior versions.\n\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T18:22:29.174Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2022-0008" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2022-3780", "datePublished": "2022-11-01T18:22:29.174Z", "dateReserved": "2022-10-31T18:47:33.041Z", "dateUpdated": "2024-08-03T01:20:58.283Z", "requesterUserId": "f8cc67d2-f063-4532-a07d-c228278dd519", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0589
Vulnerability from cvelistv5
Published
2024-01-31 13:04
Modified
2024-08-01 18:11
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2024-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.3.36", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eCross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e" } ], "value": "Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2024-01-31T13:04:51.170Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0001/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-0589", "datePublished": "2024-01-31T13:04:51.170Z", "dateReserved": "2024-01-16T13:32:55.913Z", "dateUpdated": "2024-08-01T18:11:35.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1202
Vulnerability from cvelistv5
Published
2023-03-23 17:12
Modified
2024-08-02 05:40
Severity ?
EPSS score ?
Summary
Permission bypass when importing or synchronizing entries in User vault
in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:58.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0008" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.1.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2023-03-23T17:12:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Permission bypass when importing or synchronizing entries\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;in User vault\u003c/span\u003e\n\n in Devolutions Remote Desktop Manager 2023.1.9 and \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprior versions \u003c/span\u003eallows users with restricted rights to bypass entry permission via id collision." } ], "value": "Permission bypass when importing or synchronizing entries\u00a0in User vault\n\n in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-02T18:49:20.069507Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0008" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-1202", "datePublished": "2023-03-23T17:12:47.824Z", "dateReserved": "2023-03-06T15:52:04.023Z", "dateUpdated": "2024-08-02T05:40:58.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0463
Vulnerability from cvelistv5
Published
2023-01-24 16:42
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 2022.3.29 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.303Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2022.3.30", "status": "affected", "version": "2022.3.29", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eThe force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.\u003c/div\u003e" } ], "value": "The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.\n\n" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975661Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0001" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-0463", "datePublished": "2023-01-24T16:42:58.172Z", "dateReserved": "2023-01-24T13:11:08.882Z", "dateUpdated": "2024-08-02T05:10:56.303Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6057
Vulnerability from cvelistv5
Published
2024-06-17 13:10
Modified
2024-08-29 20:09
Severity ?
EPSS score ?
Summary
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:03.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2024-0008" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "remote_desktop_manager", "vendor": "devolutions", "versions": [ { "lessThanOrEqual": "2024.1.31.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-6057", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-05T17:46:37.565239Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T20:09:51.084Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "SQL" ], "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2024.1.31.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eImproper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e" } ], "value": "Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature." } ], "providerMetadata": { "dateUpdated": "2024-06-17T13:10:42.462Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0008" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2024-6057", "datePublished": "2024-06-17T13:10:42.462Z", "dateReserved": "2024-06-17T13:01:27.989Z", "dateUpdated": "2024-08-29T20:09:51.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-7047
Vulnerability from cvelistv5
Published
2023-12-21 14:42
Modified
2024-10-29 16:29
Severity ?
EPSS score ?
Summary
Inadequate validation of permissions when employing remote tools and
macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and
earlier permits a user to initiate a connection without proper execution
rights via the remote tools feature. This affects only SQL data sources.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:50:07.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0024/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-7047", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T20:41:28.379524Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-29T16:29:32.671Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Remote Tools", "SQL Data Sources" ], "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.3.31", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nInadequate validation of permissions when employing remote tools and \nmacros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and \nearlier permits a user to initiate a connection without proper execution\n rights via the remote tools feature. This affects only SQL data sources.\u003cbr\u003e" } ], "value": "\nInadequate validation of permissions when employing remote tools and \nmacros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and \nearlier permits a user to initiate a connection without proper execution\n rights via the remote tools feature. This affects only SQL data sources.\n" } ], "providerMetadata": { "dateUpdated": "2023-12-21T14:45:18.661Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0024/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-7047", "datePublished": "2023-12-21T14:42:58.084Z", "dateReserved": "2023-12-21T14:35:55.673Z", "dateUpdated": "2024-10-29T16:29:32.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4287
Vulnerability from cvelistv5
Published
2022-12-20 14:16
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:49.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0011" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "Local Application Lock" ], "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2022.3.27", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eAuthentication bypass in local application lock feature in Devolutions Remote Desktop Manager\u0026nbsp; 2022.3.26 and earlier on Windows allows malicious user to access the application.\u003c/div\u003e" } ], "value": "Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager\u00a0 2022.3.26 and earlier on Windows allows malicious user to access the application.\n\n" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T01:21:43.830108Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2022-0011" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2022-4287", "datePublished": "2022-12-20T14:16:09.540Z", "dateReserved": "2022-12-05T14:21:02.505Z", "dateUpdated": "2024-08-03T01:34:49.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3781
Vulnerability from cvelistv5
Published
2022-11-01 18:28
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.
This issue affects :
Remote Desktop Manager 2022.2.26 and prior versions.
Devolutions Server 2022.3.1 and prior versions.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:58.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2022-0009" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2022.2.26", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Devolutions Server", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2022.3.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Dashlane password and Keepass Server password in My Account Settings\u0026nbsp; are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.\u003cbr\u003e\u003cbr\u003eThis issue affects : \u003cbr\u003e\u003cdiv\u003eRemote Desktop Manager 2022.2.26 and prior versions.\u003c/div\u003e\u003cdiv\u003eDevolutions Server 2022.3.1 and prior versions.\u003cbr\u003e\u003c/div\u003e" } ], "value": "Dashlane password and Keepass Server password in My Account Settings\u00a0 are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.\n\nThis issue affects : \nRemote Desktop Manager 2022.2.26 and prior versions.\n\nDevolutions Server 2022.3.1 and prior versions.\n\n\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-311", "description": "CWE-311 Missing Encryption of Sensitive Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T18:28:28.590Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2022-0009" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2022-3781", "datePublished": "2022-11-01T18:28:28.590Z", "dateReserved": "2022-10-31T19:43:01.182Z", "dateUpdated": "2024-08-03T01:20:58.271Z", "requesterUserId": "f8cc67d2-f063-4532-a07d-c228278dd519", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5765
Vulnerability from cvelistv5
Published
2023-11-01 17:12
Modified
2024-09-06 15:47
Severity ?
EPSS score ?
Summary
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:07:32.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2023-0019/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5765", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T15:46:32.086625Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T15:47:08.487Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "lessThanOrEqual": "2023.2.33", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.\u003cbr\u003e" } ], "value": "Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.\n" } ], "providerMetadata": { "dateUpdated": "2023-11-01T17:12:15.912Z", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0019/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2023-5765", "datePublished": "2023-11-01T17:12:15.912Z", "dateReserved": "2023-10-25T13:40:26.166Z", "dateUpdated": "2024-09-06T15:47:08.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42098
Vulnerability from cvelistv5
Published
2021-10-18 13:22
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell.
References
▼ | URL | Tags |
---|---|---|
https://devolutions.net | x_refsource_MISC | |
https://devolutions.net/security/advisories/DEVO-2021-0006 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Devolutions | Remote Desktop Manager |
Version: 2021.2.14 and earlier. Fixed in 2021.2.16. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:22:25.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://devolutions.net" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://devolutions.net/security/advisories/DEVO-2021-0006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [ { "status": "affected", "version": "2021.2.14 and earlier. Fixed in 2021.2.16." } ] } ], "descriptions": [ { "lang": "en", "value": "An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell." } ], "problemTypes": [ { "descriptions": [ { "description": "Insecure Permissions", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-18T13:22:57", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://devolutions.net" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://devolutions.net/security/advisories/DEVO-2021-0006" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@devolutions.net", "ID": "CVE-2021-42098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Remote Desktop Manager", "version": { "version_data": [ { "version_value": "2021.2.14 and earlier. Fixed in 2021.2.16." } ] } } ] }, "vendor_name": "Devolutions" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insecure Permissions" } ] } ] }, "references": { "reference_data": [ { "name": "https://devolutions.net", "refsource": "MISC", "url": "https://devolutions.net" }, { "name": "https://devolutions.net/security/advisories/DEVO-2021-0006", "refsource": "CONFIRM", "url": "https://devolutions.net/security/advisories/DEVO-2021-0006" } ] } } } }, "cveMetadata": { "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2021-42098", "datePublished": "2021-10-18T13:22:57", "dateReserved": "2021-10-07T00:00:00", "dateUpdated": "2024-08-04T03:22:25.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }