Sécurité et conformité
DEVO-2022-0005
Résumé
An arbitrary file write in entry attachments was fixed in Remote Desktop Manager 2022.2
Produits affectés
Remote Desktop Manager 2022.1 and earlier
Journal des modifications
Initial Publication - 2022-06-21
Sévérité
Medium
Produit
Remote Desktop Manager
Version corrigée
2022.2
Arbitrary file write via path traversal in entry attachments
Description
Files can be attached to entries in Remote Desktop Manager. Special path characters were not being properly sanitized when constructing the destination path. An attacker could construct a path to write the file in an arbitrary directory when the file is opened.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager 2022.2
Sévérité
Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Produits affectés
Remote Desktop Manager 2022.1 and earlier
CVE(s)
CVE-2022-33995