Security & Compliance

DEVO-2022-0005

Zusammenfassung

An arbitrary file write in entry attachments was fixed in Remote Desktop Manager 2022.2

Betroffene Produkte

Remote Desktop Manager 2022.1 and earlier

Änderungsprotokoll

Initial Publication - 2022-06-21

Schweregrad

Medium

Produkt

Remote Desktop Manager

Behobene Version

2022.2

Arbitrary file write via path traversal in entry attachments

Beschreibung

Files can be attached to entries in Remote Desktop Manager. Special path characters were not being properly sanitized when constructing the destination path. An attacker could construct a path to write the file in an arbitrary directory when the file is opened.

Behebungen und Workarounds

Upgrade to Remote Desktop Manager 2022.2

Schweregrad

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Betroffene Produkte

Remote Desktop Manager 2022.1 and earlier

CVE(s)

CVE-2022-33995

Wir helfen Unternehmen dabei, das IT-Chaos zu meistern, indem wir Lösungen für Passwortverwaltung, Remoteverbindungen und privilegierte Zugriffsverwaltung bereitstellen.

DEVOLUTIONS

Sicherheit & Datenschutz | infos@devolutions.net

Alle Rechte vorbehalten © 2025 Devolutions