Offline mode is always enabled, even if permission disallows it, inDevolutions Server data source in Devolutions Workspace 2023.3.2.0 andearlier. This allows an attacker with access to the Workspaceapplication to access credentials when offline.
6.5CVSS
6.4AI Score
0.0005EPSS
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.
9.8CVSS
9.3AI Score
0.001EPSS
Inadequate validation of permissions when employing remote tools andmacros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 andearlier permits a user to initiate a connection without proper executionrights via the remote tools feature. This affects only SQL data sou...
4.4CVSS
5.2AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.
5.4CVSS
5.3AI Score
0.0004EPSS