Sécurité et conformité
DEVO-2024-0010
Résumé
Remote Desktop Manager is affected by a vulnerability
Produits affectés
Remote Desktop Manager 2024.2.11 and earlier
Journal des modifications
26/06/2024 - Initial publication
Sévérité
Low
Produit
Remote Desktop Manager Windows
Version corrigée
2024.2.12
Improper access control in PAM dashboard
Description
Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard.
Please be advised that the execute permission is a client-side setting. As such, it does not expose any credentials beyond those the user already has access to. Consequently, this is classified as a low-severity issue.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager 2024.2.12 or higher
Sévérité
2.3 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produits affectés
Remote Desktop Manager 2024.2.11 and earlier
CVE(s)
CVE-2024-6354