Security & Compliance

DEVO-2024-0017

Summary

Devolutions Server and Remote Desktop Manager are affected by vulnerabilities

Affected products

Devolutions Server 2024.3.8.0 and earlier

Remote Desktop Manager 2024.3.19.0 and earlier

Changelog

2024/12/4 - Initial publication

Severity

High

Product

Devolutions Server, Remote Desktop Manager

Fixed version

See vulnerabilities for fixed versions

Incorrect authorization in report permission validation component

Description

Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.

Fixes and workarounds

Upgrade to Devolutions Server 2024.3.7.0 or higher

Severity

5.3 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Devolutions Server 2024.3.6.0 and earlier

CVE(s)

CVE-2024-12148

Incorrect permission assignment in temporary access requests component

Description

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user who requests temporary permissions on an entry to obtain more privileges than requested.

Fixes and workarounds

Upgrade to Remote Desktop Manager 2024.3.20.0 or higher

Severity

8.6 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected products

Remote Desktop Manager 2024.3.19.0 and earlier

CVE(s)

CVE-2024-12149

Incorrect permission assignment in the user migration feature

Description

Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.

Fixes and workarounds

Upgrade to Devolutions Server 2024.3.9.0 or higher

Severity

2.3 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Devolutions Server 2024.3.8.0 and earlier

CVE(s)

CVE-2024-12151

Incorrect authorization in the view password permission component in Devolutions Server

Description

Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.

The user must have access to the entry to exploit the vulnerability.

Fixes and workarounds

Upgrade to Devolutions Server 2024.3.8.0 or higher

Severity

7.1 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Devolutions Server 2024.3.7.0 and earlier

CVE(s)

CVE-2024-12196
