DEVO-2021-0006

Affected Products

Remote Desktop Manager 2021.2.14 and earlier

Change Log

2021-10-14 - Initial Publication

Severity

High

Product

Remote Desktop Manager

Fix Version

2021.2.16

Summary

An incomplete permission check allows users to perform operations on entries without the required permissions when using the batch "Custom Powershell" action.

Permissions bypass with batch Custom Powershell

Description

Users could perform operations on entries without the required permissions when using the batch "Custom Powershell" action.

Remediation and Workarounds

Update to Remote Desktop Manager 2021.2.16 or higher

Severity

High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

Remote Desktop Manager 2021.2.14 and earlier

CVE(s)

CVE-2021-42098