Security & Compliance
DEVO-2023-0024
Zusammenfassung
Remote Desktop Manager Windows is affected by a vulnerability.
Betroffene Produkte
Remote Desktop Manager Windows 2023.3.31.0 and earlier.
Änderungsprotokoll
2023-12-21 - Initial publication
Schweregrad
Low
Produkt
Remote Desktop Manager
Behobene Version
2023.3.32
Client-side permission bypass using remote tools context menu
Beschreibung
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.
Behebungen und Workarounds
Upgrade to Remote Desktop Manager Windows 2023.3.32 or higher
Schweregrad
Low 2.0 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green
Betroffene Produkte
Remote Desktop Manager Windows 2023.3.31.0 and earlier.
CVE(s)
CVE-2023-7047