CVE-2023-4417

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in th...

CVE-2023-4417

The CVE-2023-4417 issue affects Devolutions Remote Desktop Manager for Windows up to 2023.2.19, caused by improper access controls in the entry duplication component. An authenticated user can, under certain conditions, share a personal vault entry with shared vaults via an incorrect vault during...

CVE-2023-4417

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in th...

CVE-2023-4373

Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature...

PT-2023-29140 · Devolutions · Devolutions Remote Desktop Manager

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2023.2.19 and earlier Description: The issue is related to improper access controls in the entry duplication component, allowing an authenticated user, under specific circumstances, to inadvertently...

Devolutions Remote Desktop Manager 授权问题漏洞

Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2023.2.19 and prior versions that stems from insufficient privilege validation. An...

CVE-2023-2282

Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector...

CVE-2023-2282

Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector...

CVE-2023-2282

Devolutions Remote Desktop Manager suffers improper access control in the Web Login listener (affecting 2023.1.22 and earlier). An authenticated user can bypass administrator-imposed Web Login restrictions and access restricted entries via an unexpected vector. The NVD CVE entry lists a MEDIUM/LO...

PT-2023-18713 · Devolutions · Devolutions Remote Desktop Manager

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2023.1.22 and earlier Description: The issue is related to improper access control in the Web Login listener, allowing an authenticated user to bypass administrator-enforced Web Login restrictions...

CVE-2023-1939

No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface...

CVE-2023-1980

Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries...

Design/Logic Flaw

No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface...

Open redirect

Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries...

CVE-2023-1939

CVE-2023-1939 concerns a lack of access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager. Affected products: Windows 2022.3.33.0 and prior; Linux 2022.3.2.0 and prior. Impact: non-admin users can view OTP keys via the user interface. Root cause: insufficient authorizat...

CVE-2023-1980

Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries...

CVE-2023-1980

Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries...

CVE-2023-1980

CVE-2023-1980: Devolutions Remote Desktop Manager (versions ≤ 2022.3.35) contains a two-factor authentication bypass that lets an attacker cancel 2FA via the application UI and access entries. The vulnerability is evidenced in multiple databases (NVD, CVE listings) with a CVSSv3.1 base score of 6...

Devolutions Remote Desktop Manager 安全漏洞

Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2022.3.35 and earlier, which originates from allowing users to cancel two-factor...

CVE-2023-1574

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...