37 matches found
CVE-2021-42098
CVE-2021-42098 affects Devolutions Remote Desktop Manager; there is an incomplete permission check on entries prior to version 2021.2.16, allowing permission bypass via batch custom PowerShell. The available connected documents indicate the issue stems from improper access control rather than a v...
CVE-2021-23922
CVE-2021-23922 refers to a cross-site scripting (XSS) vulnerability in Devolutions Remote Desktop Manager (webviews) affecting versions prior to 2020.2.12. The issue is documented across multiple sources (NVD/CNVD/CVE listings) with CVSS metrics indicating a network-exposed vulnerability, mitiga...
CVE-2022-3182
CVE-2022-3182 affects Devolutions Remote Desktop Manager (DRDM) version 2022.2.14 and earlier, due to an Improper Access Control vulnerability in the Duo SMS two-factor authentication that allows bypassing the application lock. The issue is documented across multiple sources (including Red Hat an...
CVE-2022-4287
The CVE-2022-4287 vulnerability affects Devolutions Remote Desktop Manager for Windows, specifically versions 2022.3.26 and earlier, where an authentication bypass in the local application lock feature allows a malicious user to access the application. The connected documents provide the affected...
CVE-2025-1193
CVE-2025-1193 affects Devolutions Remote Desktop Manager (Windows) prior to 2024.3.20.0, with the root cause described as improper host validation in the certificate validation component for 2024.3.19 and earlier. The vulnerability enables an attacker to intercept and modify encrypted communicati...
CVE-2022-2221
CVE-2022-2221 concerns an Information Exposure vulnerability in the Devolutions Remote Desktop Manager product. The issue affects versions prior to 2022.1.8 and resides in the My Account Settings area, where authenticated users could access credentials of other users. The connected documents conf...
CVE-2022-3780
CVE-2022-3780 affects Devolutions Remote Desktop Manager, with the vulnerability arising from deleted users’ database connections staying active on MySQL data sources. This can allow deleted users to access unauthorized data in Remote Desktop Manager 2022.3.7 and prior versions. The issue is docu...
CVE-2022-3781
CVE-2022-3781 affects Devolutions Remote Desktop Manager (versions 2022.2.26 and earlier) and Devolutions Server (versions 2022.3.1 and earlier). The root cause is that Dashlane passwords and KeePass Server passwords stored in My Account Settings are not encrypted in the database, allowing databa...
CVE-2024-7421
The vulnerability CVE-2024-7421 affects Devolutions Remote Desktop Manager (versions up to 2024.2.20.0) on Windows. The issue is an information exposure where credentials used for WinSCP sessions can be retrieved by local attackers who can access system logs, via passwords found in command-line a...
CVE-2021-28047
CVE-2021-28047 affects Devolutions Remote Desktop Manager. The vulnerability is a Cross-Site Scripting (XSS) in Administration Reports present in versions prior to 2021.1, exploitable by a remote authenticated user who can inject arbitrary web script or HTML via multiple input fields. The connect...
CVE-2025-2600
CVE-2025-2600 affects Devolutions Remote Desktop Manager for Windows. The vulnerability is an improper authorization in the variable component that allows an authenticated user to use the ELEVATED_PASSWORD variable despite the Allow password in variable policy. Affected versions include 2025.1.24...
CVE-2022-26964
The CVE-2022-26964 entry concerns Devolutions Remote Desktop Manager prior to version 2022.1, where weak password derivation for export enables information disclosure via a password brute-force attack. The underlying issue is an error that causes base64 to be decoded, contributing to the weakness...
CVE-2023-1202
Devolutions Remote Desktop Manager (RDM) 2023.1.9 and earlier versions are affected by a permission-bypass flaw in the User vault: under ID collision, a user with restricted rights can bypass entry permissions during import or synchronization. The vulnerability affects the ability to control acce...
CVE-2025-1635
CVE-2025-1635 affects Devolutions Remote Desktop Manager (Windows) versions 2024.3.29 and earlier. The hub data source export feature can expose a user’s authenticated session in the exported data due to faulty business logic. This leads to potential information exposure with a CVSS v3.1 base s...
CVE-2025-5334
CVE-2025-5334 affects Devolutions Remote Desktop Manager across Windows, macOS, Android, and iOS. The issue is a private information exposure in the user vaults component where, under certain conditions, entries edited by their owners can be moved from user vaults to shared vaults, making private...
CVE-2023-1203
CVE-2023-1203 affects Devolutions Remote Desktop Manager PowerShell Module, Hub Business submodule. The vulnerability stems from improper removal of sensitive data during entry edits, allowing an authenticated user to access sensitive data on entries edited with the affected submodule. Affected v...
CVE-2024-12149
Affected software: Devolutions Remote Desktop Manager (Windows) version 2024.3.19.0 and earlier. Issue: Incorrect permission assignment in the Temporary Access Requests component, enabling an authenticated user who requests temporary permissions on an entry to obtain more privileges than re...
CVE-2022-33995
CVE-2022-33995 describes a path traversal in Devolutions Remote Desktop Manager (RDM) prior to version 2022.2, specifically in the handling of entry attachments. The root cause is a path traversal flaw that could allow an attacker to create or overwrite files in arbitrary locations on the affecte...
CVE-2024-11671
CVE-2024-11671 concerns Devolutions Remote Desktop Manager on Windows. Multiple sources confirm an improper authentication flaw in the SQL data source MFA validation, enabling an authenticated user to bypass MFA by switching data sources. Affected product/version: Devolutions Remote Desktop Manag...
CVE-2024-11672
CVE-2024-11672 affects Devolutions Remote Desktop Manager, with incorrect authorization in the Add permission component prior to 2024.2.22 on Windows. An authenticated user could bypass the Add permission via the vault import feature, affecting integrity (LOW) but not confidentiality/availability ...
CVE-2025-2499
CVE-2025-2499 affects Devolutions Remote Desktop Manager for Windows. The issue is a client-side access control bypass in the permission component, allowing an authenticated user to bypass specific restrictions (View Password, Edit Asset, Edit Permissions) by performing certain actions. Affected ...
CVE-2025-2528
CVE-2025-2528 in Devolutions Remote Desktop Manager for Windows is due to improper authorization in the application password policy, allowing an authenticated user to use a configuration not mandated by admins. Affected versions span 2024.3.29 and earlier, and 2025.1.24–2025.1.25. Remediation is ...
CVE-2025-1636
The CVE-2025-1636 issue affects Devolutions Remote Desktop Manager up to version 2024.3.29 on Windows, where faulty business logic in the My Personal Credentials password history component can allow an authenticated user to inadvertently leak credentials from a shared vault via the clear histor...
CVE-2025-2562
CVE-2025-2562 describes insufficient logging in the autotyping feature of Devolutions Remote Desktop Manager for Windows, enabling an authenticated user to use a stored password without generating a log event. Affected versions are 2025.1.24–2025.1.25 and all versions up to 2024.3.29. Remediation...
CVE-2023-1574
Devolutions Remote Desktop Manager ≤ 2023.1.9 (Windows) has an information-disclosure flaw in the MSSQL user-creation feature: the error dialog reveals the password in clear text when UI access is available. Impact is confidential data exposure with low user interaction, no exploitation vector be...
CVE-2024-6354
CVE-2024-6354 affects Devolutions Remote Desktop Manager (Windows) 2024.2.11 and earlier. The issue is improper access control in the PAM dashboard that allows an authenticated user to bypass the execute permission via the PAM dashboard. The vulnerability is reported with a high impact (C/H, I...
CVE-2024-11621
CVE-2024-11621 concerns missing certificate validation in Devolutions Remote Desktop Manager across macOS, iOS, Android, Linux and related tooling. The issue enables a man‑in‑the‑middle attack by intercepting and modifying encrypted communications, with impact described as high (confidentiality, ...
CVE-2024-6055
CVE-2024-6055 affects Devolutions Remote Desktop Manager (Windows) via the data source export feature, with an improper removal of sensitive information in exports. Affected versions: 2024.1.32.0 and earlier. Impact: an attacker who obtains exported settings can recover PowerShell credentials con...
CVE-2024-6057
CVE-2024-6057 affects Devolutions Remote Desktop Manager (RDM) 2024.1.31.0 and earlier, specifically the vault password feature. The underlying issue is improper authentication that could allow an attacker who already has access to an RDM instance to bypass the vault master password via the offli...
CVE-2024-6492
Affected software: Devolutions Remote Desktop Manager (Windows)
CVE-2023-6593
CVE-2023-6593 concerns a client-side permission bypass in Devolutions Remote Desktop Manager (iOS) 2023.3.4.0 and earlier. According to Red Hat and related sources, an attacker who has access to the application can execute entries in a SQL data source without restriction. The vulnerability is des...
CVE-2024-2403
CVE-2024-2403 affects Devolutions Remote Desktop Manager prior to 2024.1.12 on Windows. The root cause is improper cleanup in the temporary file handling component, which may allow an attacker who has already compromised a user endpoint to access sensitive information via residual files in the te...
CVE-2024-3545
CVE-2024-3545 involves Devolutions Remote Desktop Manager (Windows) version 2024.1.20 and earlier, and Devolutions Server version 2024.1.8 and earlier. The vulnerability stems from improper permission handling in the vault offline cache feature, which could allow an attacker with access to the in...
CVE-2023-6288
The CVE-2023-6288 vulnerability affects Devolutions Remote Desktop Manager on macOS (versions 2023.3.9.3 and earlier). The issue is a code injection flaw triggered by the DYLD_INSERT_LIBRARIES environment variable, enabling a local attacker to execute code. The available references describe the ...
CVE-2025-13683
CVE-2025-13683 describes exposure of credentials via unintended requests in Devolutions Server and Devolutions Remote Desktop Manager on Windows. Affected versions: Devolutions Server up to 2025.3.8.0 and Remote Desktop Manager up to 2025.3.23.0. Impact is high confidentiality exposure over netwo...
CVE-2026-12161
CVE-2026-12161 affects Devolutions Remote Desktop Manager 2026.2.7. The flaw is in the SSH Elevate Shell feature, where improper input validation allows an authenticated user (with permission to create/modify a shared SSH entry) to run arbitrary commands on a remote SSH host using stored elevatio...
CVE-2026-12162
The CVE-2026-12162 entry affects Devolutions Remote Desktop Manager 2026.2.8, due to improper host validation in the social login autofill feature. The underlying issue allows an attacker to disclose stored social login credentials by pointing a crafted web entry to a provider domain that look...