CVE-2022-3641

2022-12-0714:35:18

DEVOLUTIONS

www.cve.org

azure

sql

elevation of privilege

devolutions remote desktop manager

spoofing

authenticated user

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Remote Desktop Manager",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2022.3.24",
        "status": "affected",
        "version": "2022.3.13",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2022-0010