Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Remote_desktop_manager
(Devolutions)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 34 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-25 | CVE-2023-2282 | Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector. | Remote_desktop_manager | 6.5 | ||
| 2024-03-13 | CVE-2024-2403 | Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory. | Remote_desktop_manager | 5.9 | ||
| 2021-04-01 | CVE-2021-28047 | Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. | Remote_desktop_manager | 5.4 | ||
| 2021-04-01 | CVE-2021-23922 | An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. | Remote_desktop_manager | 5.4 | ||
| 2021-10-18 | CVE-2021-42098 | An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. | Remote_desktop_manager | 8.8 | ||
| 2022-06-15 | CVE-2022-1342 | A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. | Remote_desktop_manager | 4.6 | ||
| 2022-06-21 | CVE-2022-33995 | A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. | Remote_desktop_manager | 7.5 | ||
| 2022-06-27 | CVE-2022-2221 | Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | Remote_desktop_manager | 6.5 | ||
| 2022-09-13 | CVE-2022-3182 | Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions. | Remote_desktop_manager | 7.0 | ||
| 2022-12-12 | CVE-2022-3641 | Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account. | Remote_desktop_manager | 8.8 |