Security & Compliance
DEVO-2022-0005
Zusammenfassung
An arbitrary file write in entry attachments was fixed in Remote Desktop Manager 2022.2
Betroffene Produkte
Remote Desktop Manager 2022.1 and earlier
Änderungsprotokoll
Initial Publication - 2022-06-21
Schweregrad
Medium
Produkt
Remote Desktop Manager
Behobene Version
2022.2
Arbitrary file write via path traversal in entry attachments
Beschreibung
Files can be attached to entries in Remote Desktop Manager. Special path characters were not being properly sanitized when constructing the destination path. An attacker could construct a path to write the file in an arbitrary directory when the file is opened.
Behebungen und Workarounds
Upgrade to Remote Desktop Manager 2022.2
Schweregrad
Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Betroffene Produkte
Remote Desktop Manager 2022.1 and earlier
CVE(s)
CVE-2022-33995