Security & Compliance

DEVO-2022-0005

Summary

An arbitrary file write in entry attachments was fixed in Remote Desktop Manager 2022.2

Affected Products

Remote Desktop Manager 2022.1 and earlier

Change Log

Initial Publication - 2022-06-21

Severity

Medium

Products

Remote Desktop Manager

Fix Version

2022.2

Arbitrary file write via path traversal in entry attachments

Description

Files can be attached to entries in Remote Desktop Manager. Special path characters were not being properly sanitized when constructing the destination path. An attacker could construct a path to write the file in an arbitrary directory when the file is opened.

Remediation and Workarounds

Upgrade to Remote Desktop Manager 2022.2

Severity

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Affected Products

Remote Desktop Manager 2022.1 and earlier

CVE(s)

CVE-2022-33995

Helping organizations control the IT chaos by providing highly-secure password, remote connection and privileged access management solutions.

DEVOLUTIONS

Legal & privacy | infos@devolutions.net

All rights reserved © 2025 Devolutions