Sécurité et conformité
DEVO-2024-0016
Résumé
Remote Desktop Manager is affected by vulnerabilities.
Produits affectés
Remote Desktop Manager 2024.3.17 and earlier
Journal des modifications
11/25/2024 - Initial publication
Sévérité
Medium
Produit
Remote Desktop Manager
Version corrigée
2024.3.18
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager
Description
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager 2024.3.10 or higher
Sévérité
Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produits affectés
Remote Desktop Manager 2024.2.21 and earlier
CVE(s)
CVE-2024-11670
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager
Description
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager 2024.3.18 or higher
Sévérité
Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produits affectés
Devolutions Remote Desktop Manager 2024.3.17 and earlier
CVE(s)
CVE-2024-11671
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager
Description
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager 2024.3.10 or higher
Sévérité
Medium 5.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Produits affectés
Remote Desktop Manager 2024.2.21 and earlier
CVE(s)
CVE-2024-11672