Portal
Forum
Devolutions Force
Devolutions Hub Business
Devolutions Hub Personal
RDM
Web Login
Workspace
Launcher
Security & Compliance
DEVO-2023-0008
Summary
Devolutions Server and Remote Desktop Manager are affected by multiple security vulnerabilities.
Affected Products
Remote Desktop Manager 2023.1.9 and below Devolutions Server 2022.3.13 and below
Change Log
Initial Publication - 2023-03-23
Severity
High
Product
Remote Desktop Manager, Devolutions Server
Fix Version
RDM 2023.1.10, DVLS 2023.1.0
Permission bypass when importing or synchronizing entries (CVE-2023-1202)
Description
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
Remediation and Workarounds
Update to Remote Desktop Manager 2023.1.10 or higher
Severity
High (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N 7.3)
Affected Products
Remote Desktop Managers 2023.1.9 and earlier
CVE(s)
CVE-2023-1202
Permission bypass when importing or synchronizing entries (CVE-2023-1603)
Description
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.
Remediation and Workarounds
Update to Devolutions Server 2023.1.3.0 or higher
Severity
High (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N 7.3)
Affected Products
Devolutions Server 2022.3.13 and earlier
CVE(s)
CVE-2023-1603