Sécurité et conformité
DEVO-2023-0024
Résumé
Remote Desktop Manager Windows is affected by a vulnerability.
Produits affectés
Remote Desktop Manager Windows 2023.3.31.0 and earlier.
Journal des modifications
2023-12-21 - Initial publication
Sévérité
Low
Produit
Remote Desktop Manager
Version corrigée
2023.3.32
Client-side permission bypass using remote tools context menu
Description
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager Windows 2023.3.32 or higher
Sévérité
Low 2.0 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green
Produits affectés
Remote Desktop Manager Windows 2023.3.31.0 and earlier.
CVE(s)
CVE-2023-7047