MAIN MENU

Security & compliance

Upholding the highest standards to protect your data and ensure trust.

DEVO-2024-0016

Remote Desktop Manager is affected by vulnerabilities.

Affected Products

Remote Desktop Manager
2024.3.17 and earlier

Change Log

11/25/2024 - Initial publication

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager

Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.

CVE(s)

CVE-2024-11670

Remediation and Workarounds

Upgrade to Remote Desktop Manager 2024.3.10 or higher

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager

Medium 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.

CVE(s)

CVE-2024-11671

Remediation and Workarounds

Upgrade to Remote Desktop Manager 2024.3.18 or higher

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager

Medium 5.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.

CVE(s)

CVE-2024-11672

Remediation and Workarounds

Upgrade to Remote Desktop Manager 2024.3.10 or higher