CVE-2023-1202

Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision...

CVE-2023-1202

Devolutions Remote Desktop Manager (RDM) 2023.1.9 and earlier versions are affected by a permission-bypass flaw in the User vault: under ID collision, a user with restricted rights can bypass entry permissions during import or synchronization. The vulnerability affects the ability to control acce...

PT-2023-17110 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2022.3.13 and prior Description: The issue allows users with restricted rights to bypass entry permission via id collision when importing or synchronizing entries in the User vault. Recommendations: For Devolutions...

PT-2023-16817 · Devolutions · Devolutions Remote Desktop Manager

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2023.1.9 and prior Description: The issue allows users with restricted rights to bypass entry permission via id collision when importing or synchronizing entries in the User vault. Recommendations:...

CVE-2023-1580

Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable...

CVE-2023-1580

CVE-2023-1580 affects Devolutions Gateway 2023.1.1 and earlier. The underlying issue is uncontrolled resource consumption in the logging feature, which can be exploited by an attacker to cause a denial of service by filling up disk space, rendering the system unusable. The CVSS/metrics indicate n...

CVE-2023-1580

Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable...

CVE-2023-1574

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...

CVE-2023-1574

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...

CVE-2023-1574

Devolutions Remote Desktop Manager ≤ 2023.1.9 (Windows) has an information-disclosure flaw in the MSSQL user-creation feature: the error dialog reveals the password in clear text when UI access is available. Impact is confidential data exposure with low user interaction, no exploitation vector be...

PT-2023-17090 · Devolutions · Devolutions Remote Desktop Manager

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2023.1.9 and below Description: The issue concerns information disclosure in the user creation feature of a MSSQL data source. An attacker with access to the user interface can obtain sensitive...

PT-2023-17095 · Devolutions · Devolutions Gateway

Name of the Vulnerable Software and Affected Versions: Devolutions Gateway versions 2023.1.1 and earlier Description: The issue is related to uncontrolled resource consumption in the logging feature, which can be exploited by an attacker to cause a denial of service. This is achieved by filling u...

CVE-2023-1201

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains...

CVE-2023-1201

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains...

CVE-2023-1203

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule...

CVE-2023-1203

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule...

Improper access control

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains...

Input validation

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada. provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2022.3.12 and prior versions that stems from improper access control. An attacker could exploit the...

Devolutions Remote Desktop Manager 安全漏洞

Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager PowerShell Module version 2022.3.1.5 and prior versions, which stems from the incorrect deletion...