Security & Compliance

DEVO-2023-0019

Zusammenfassung

Remote Desktop Manager Windows and Devolutions Server are affected by security vulnerabilities.

Betroffene Produkte

Remote Desktop Manager Windows 2023.2.33 and earlierDevolutions Server 2023.2.10.0 and earlier

Änderungsprotokoll

2023-11-01 - Initial Publication 2023-11-09 - Updated Devolutions Server fixed version due to new LTS release. 2023-11-10 - Updated Remote Desktop Manager fixed version due to backported fix to 2023.2.34

Schweregrad

High

Produkt

Remote Desktop Manager Windows, Devolutions Server

Behobene Version

RDMW 2023.2.34, DVLS 2023.2.11

Remote code execution in Remote Desktop Manager

Beschreibung

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.

Behebungen und Workarounds

Upgrade to Remote Desktop Manager Windows 2023.2.34 or higher.

Schweregrad

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 8.8 High

Betroffene Produkte

Remote Desktop Manager Windows 2023.2.33 and earlier

CVE(s)

CVE-2023-5766

Improper access control in Password Analyser feature

Beschreibung

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.

Behebungen und Workarounds

Upgrade to Remote Desktop Manager Windows 2023.2.34 or higher.

Schweregrad

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium

Betroffene Produkte

Remote Desktop Manager Windows 2023.2.33 and earlier

CVE(s)

CVE-2023-5765

Improper access control in Report log filters feature

Beschreibung

Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.

Behebungen und Workarounds

Upgrade to Devolutions Server 2023.2.11.0 or higher

Schweregrad

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium

Betroffene Produkte

Devolutions Server 2023.2.10.0 and earlier

CVE(s)

CVE-2023-5358

Wir helfen Unternehmen dabei, das IT-Chaos zu meistern, indem wir Lösungen für Passwortverwaltung, Remoteverbindungen und privilegierte Zugriffsverwaltung bereitstellen.

DEVOLUTIONS

Sicherheit & Datenschutz | infos@devolutions.net

Alle Rechte vorbehalten © 2025 Devolutions