Security & Compliance

DEVO-2023-0004

Summary

The Hub Business submodule of the Remote Desktop Manager PowerShell module is affected by a vulnerability.

Affected Products

Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and below.

Change Log

Initial publication - 2023-03-06

Severity

Medium

Product

Remote Desktop Manager PowerShell Module

Fix Version

2022.3.1.6

Improper removal of sensitive data in Hub Business PowerShell submodule

Description

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.

Remediation and Workarounds

Upgrade to Remote Desktop Manager PowerShell module 2022.3.1.6 and higher.

Severity

Medium - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 5.3

Affected Products

Remote Desktop Manager PowerShell module 2022.3.1.5 and below.

CVE(s)

CVE-2023-1203