Sécurité et conformité
DEVO-2023-0015
Résumé
Remote Desktop Manager Windows is affected by multiple security vulnerabilities.
Produits affectés
Remote Desktop Manager Windows
Journal des modifications
Initial Publication - 2023-08-21
Sévérité
Medium
Produit
Remote Desktop Manager Windows
Version corrigée
2023.2.22
Unauthorized Connection Exploit via Remote Tools in Remote Desktop Manager
Description
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager Windows 2023.2.22 and higher.
Sévérité
Medium - 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Produits affectés
Remote Desktop Manager Windows 2023.2.19 and earlier.
CVE(s)
CVE-2023-4373
Incorrect vault used for the duplicate entry feature.
Description
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager Windows 2023.2.22 and higher.
Sévérité
Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 5.7
Produits affectés
Remote Desktop Manager Windows 2023.2.19 and earlier.
CVE(s)
CVE-2023-4417