Devolutions: >> Remote Desktop Manager >> 2022.3.1.5 Security Vulnerabilities
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-25
Two factor
authentication
bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-11
Permission bypass when importing or synchronizing entriesĀ in User vault
in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-04-02
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-03-10
Authentication bypass in local application lock feature in Devolutions Remote Desktop ManagerĀ 2022.3.26 and earlier on Windows allows malicious user to access the application.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-12-21
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.
This issue affects :
Remote Desktop Manager 2022.3.7 and prior versions.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-11-01
Page 2