Security and compliance

DEVO-2024-0016

Summary

Remote Desktop Manager is affected by vulnerabilities.

Affected products

Remote Desktop Manager 2024.3.17 and earlier

Changelog

11/25/2024 - Initial publication

Severity

Medium

Product

Remote Desktop Manager

Fixed version

2024.3.18

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager

Description

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.

Remediation and workarounds

Upgrade to Remote Desktop Manager 2024.3.10 or higher

Severity

Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Remote Desktop Manager 2024.2.21 and earlier

CVE(s)

CVE-2024-11670

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager

Description

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.

Remediation and workarounds

Upgrade to Remote Desktop Manager 2024.3.18 or higher

Severity

Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Devolutions Remote Desktop Manager 2024.3.17 and earlier

CVE(s)

CVE-2024-11671

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager

Description

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.

Remediation and workarounds

Upgrade to Remote Desktop Manager 2024.3.10 or higher

Severity

Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Remote Desktop Manager 2024.2.21 and earlier

CVE(s)

CVE-2024-11672
