Security & Compliance

Remote Desktop Manager is affected by vulnerabilities.

Remote Desktop Manager 2024.3.17 and earlier

11/25/2024 - Initial publication

Medium

Remote Desktop Manager

2024.3.18

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.

Upgrade to Remote Desktop Manager 2024.3.10 or higher

Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Remote Desktop Manager 2024.2.21 and earlier

CVE-2024-11670

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.

Upgrade to Remote Desktop Manager 2024.3.18 or higher

Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Devolutions Remote Desktop Manager 2024.3.17 and earlier

CVE-2024-11671

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.

Upgrade to Remote Desktop Manager 2024.3.10 or higher

Medium 5.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Remote Desktop Manager 2024.2.21 and earlier

CVE-2024-11672