Security & Compliance
DEVO-2024-0016
Summary
Remote Desktop Manager is affected by vulnerabilities.
Affected products
Remote Desktop Manager 2024.3.17 and earlier
Revision history
11/25/2024 - Initial publication
Severity
Medium
Product
Remote Desktop Manager
Fixed version
2024.3.18
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager
Description
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.
Remediations and workarounds
Upgrade to Remote Desktop Manager 2024.3.10 or higher
Severity
Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Remote Desktop Manager 2024.2.21 and earlier
CVE(s)
CVE-2024-11670
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager
Description
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.
Remediations and workarounds
Upgrade to Remote Desktop Manager 2024.3.18 or higher
Severity
Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Devolutions Remote Desktop Manager 2024.3.17 and earlier
CVE(s)
CVE-2024-11671
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager
Description
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
Remediations and workarounds
Upgrade to Remote Desktop Manager 2024.3.10 or higher
Severity
Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Remote Desktop Manager 2024.2.21 and earlier
CVE(s)
CVE-2024-11672