Security & Compliance

DEVO-2022-0005

Affected Products

Remote Desktop Manager 2022.1 and earlier

Change Log

Initial Publication - 2022-06-21

Severity

Medium

Product

Remote Desktop Manager

Fix Version

2022.2

Summary

An arbitrary file write in entry attachments was fixed in Remote Desktop Manager 2022.2

Arbitrary file write via path traversal in entry attachments

Description

Files can be attached to entries in Remote Desktop Manager. Special path characters were not being properly sanitized when constructing the destination path. An attacker could construct a path to write the file in an arbitrary directory when the file is opened.

Remediation and Workarounds

Upgrade to Remote Desktop Manager 2022.2

Severity

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Affected Products

Remote Desktop Manager 2022.1 and earlier

CVE(s)

CVE-2022-33995

Devolutions Logo
English français Deutsch
Contact Us

Helping organizations control the IT chaos by providing highly-secure password, remote connection and privileged access management solutions.

DEVOLUTIONS 1000 Notre-Dame, Lavaltrie, QC J5T 1M1, Canada
Legal & Privacy infos@devolutions.net
All rights reserved © 2022 Devolutions