Sécurité et conformité

DEVO-2023-0019

Résumé

Remote Desktop Manager Windows and Devolutions Server are affected by security vulnerabilities.

Produits affectés

Remote Desktop Manager Windows 2023.2.33 and earlierDevolutions Server 2023.2.10.0 and earlier

Journal des modifications

2023-11-01 - Initial Publication 2023-11-09 - Updated Devolutions Server fixed version due to new LTS release. 2023-11-10 - Updated Remote Desktop Manager fixed version due to backported fix to 2023.2.34

Sévérité

High

Produit

Remote Desktop Manager Windows, Devolutions Server

Version corrigée

RDMW 2023.2.34, DVLS 2023.2.11

Remote code execution in Remote Desktop Manager

Description

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.

Mesures correctives et solutions de contournement

Upgrade to Remote Desktop Manager Windows 2023.2.34 or higher.

Sévérité

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 8.8 High

Produits affectés

Remote Desktop Manager Windows 2023.2.33 and earlier

CVE(s)

CVE-2023-5766

Improper access control in Password Analyser feature

Description

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.

Mesures correctives et solutions de contournement

Upgrade to Remote Desktop Manager Windows 2023.2.34 or higher.

Sévérité

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium

Produits affectés

Remote Desktop Manager Windows 2023.2.33 and earlier

CVE(s)

CVE-2023-5765

Improper access control in Report log filters feature

Description

Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2023.2.11.0 or higher

Sévérité

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium

Produits affectés

Devolutions Server 2023.2.10.0 and earlier

CVE(s)

CVE-2023-5358

Devolutions aide les organisations à contrôler le chaos relié aux TI en offrant des solutions sécurisées de gestion d’accès privilégiés, de connexions à distance et de mots de passe.

DEVOLUTIONS

Légal & vie privée | infos@devolutions.net

Tous droits réservés © 2025 Devolutions