Portal Portal Forum Forum Devolutions Force Devolutions Force RDM Online Services RDM Online Services Devolutions Hub Business Devolutions Hub Business Devolutions Hub Personal Devolutions Hub Personal Tools RDM RDM Web Login Web Login Workspace Workspace Launcher Launcher

Security & Compliance

Security & Compliance Reporting a Security Issue Advisories

DEVO-2021-0006

Summary

An incomplete permission check allows users to perform operations on entries without the required permissions when using the batch "Custom Powershell" action.

Affected Products

Remote Desktop Manager 2021.2.14 and earlier

Change Log

2021-10-14 - Initial Publication

Severity

High

Product

Remote Desktop Manager

Fix Version

2021.2.16

Permissions bypass with batch Custom Powershell

Description

Users could perform operations on entries without the required permissions when using the batch "Custom Powershell" action.

Remediation and Workarounds

Update to Remote Desktop Manager 2021.2.16 or higher

Severity

High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

Remote Desktop Manager 2021.2.14 and earlier

CVE(s)

CVE-2021-42098