Sécurité et conformité

DEVO-2024-0008

Résumé

Devolutions Remote Desktop manager is affected by multiple vulnerabilities.

Produits affectés

Multiple versions are affected, see individual vulnerabilities for more details.

Journal des modifications

17/06/2024 - Initial publication

Sévérité

Medium

Produit

Remote Desktop Manager

Version corrigée

2024.2.8.0

Improper authentication in the vault password feature

Description

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.

Mesures correctives et solutions de contournement

Upgrade to Remote Desktop Manager 2024.1.32 or higher

Sévérité

Medium 5.7 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produits affectés

Remote Desktop Manager 2024.1.31.0 and earlier

CVE(s)

CVE-2024-6057

Improper removal of sensitive information in data source export

Description

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file.

Mesures correctives et solutions de contournement

Upgrade to Remote Desktop Manager 2024.2.8.0 or higher

Sévérité

Medium 5.7 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produits affectés

Remote Desktop Manager 2024.1.32.0 and earlier

CVE(s)

CVE-2024-6055

Devolutions aide les organisations à contrôler le chaos relié aux TI en offrant des solutions sécurisées de gestion d’accès privilégiés, de connexions à distance et de mots de passe.

DEVOLUTIONS

Légal & vie privée | infos@devolutions.net

Tous droits réservés © 2025 Devolutions