Sécurité et conformité

Remote Desktop Manager Windows and Devolutions Server are affected by security vulnerabilities.

Remote Desktop Manager Windows 2023.2.33 and earlierDevolutions Server 2023.2.10.0 and earlier

2023-11-01 - Initial Publication 2023-11-09 - Updated Devolutions Server fixed version due to new LTS release. 2023-11-10 - Updated Remote Desktop Manager fixed version due to backported fix to 2023.2.34

High

Remote Desktop Manager Windows, Devolutions Server

RDMW 2023.2.34, DVLS 2023.2.11

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.

Upgrade to Remote Desktop Manager Windows 2023.2.34 or higher.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 8.8 High

Remote Desktop Manager Windows 2023.2.33 and earlier

CVE-2023-5766

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.

Upgrade to Remote Desktop Manager Windows 2023.2.34 or higher.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium

Remote Desktop Manager Windows 2023.2.33 and earlier

CVE-2023-5765

Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.

Upgrade to Devolutions Server 2023.2.11.0 or higher

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 4.3 Medium

Devolutions Server 2023.2.10.0 and earlier

CVE-2023-5358