Lucene search

DEVOLUTIONSCVE-2022-3780

HistoryNov 01, 2022 - 7:15 p.m.

CVE-2022-3780

2022-11-0119:15:11

CWE-284

DEVOLUTIONS

web.nvd.nist.gov

database

connections

remote desktop manager

cve-2022-3780

security issue

mysql

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.

This issue affects :
Remote Desktop Manager 2022.3.7 and prior versions.

Affected configurations

Nvd

Node

devolutionsremote_desktop_managerRange<2022.3.8

VendorProductVersionCPE
devolutionsremote_desktop_manager*cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
devolutions	remote_desktop_manager	*	cpe:2.3:a:devolutions:remote_desktop_manager::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Remote Desktop Manager",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2022.3.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2022-0008

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Related for CVE-2022-3780