Security & Compliance

DEVO-2022-0008

Affected Products

Remote Desktop Manager 2022.3.7 and earlier.

Change Log

Initial publication - 2022-11-01

Severity

Medium

Product

Remote Desktop Manager

Fix Version

2022.3.8

Summary

Database connections are not closed properly on MySQL data sources after a user is deleted which could allow them to access unauthorized data.

Database connections for deleted users not closed on MySQL data sources

Description

Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.

Remediation and Workarounds

Upgrade to Remote Desktop Manager 2022.3.8 and later.

Severity

Medium - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

Remote Desktop Manager 2022.3.7 and earlier.

CVE(s)

CVE-2022-3780

Devolutions Logo
English français Deutsch
Contact Us

Helping organizations control the IT chaos by providing highly-secure password, remote connection and privileged access management solutions.

DEVOLUTIONS 1000 Notre-Dame, Lavaltrie, QC J5T 1M1, Canada
Legal & Privacy infos@devolutions.net
All rights reserved © 2023 Devolutions