6 matches found
CVE-2022-1342
CVE-2022-1342 affects Devolutions Remote Desktop Manager (pre- and including 2022.1.24). The root cause is a lack of password masking and a caching issue that can leave sensitive fields visible when panels are closed and reopened, enabling physically proximate attackers to observe data. The conne...
CVE-2024-11672
CVE-2024-11672 affects Devolutions Remote Desktop Manager, with incorrect authorization in the Add permission component prior to 2024.2.22 on Windows. An authenticated user could bypass the Add permission via the vault import feature, exposing integrity (LOW) but not confidentiality/availability ...
CVE-2024-6055
CVE-2024-6055 affects Devolutions Remote Desktop Manager (Windows) via the data source export feature, with an improper removal of sensitive information in exports. Affected versions: 2024.1.32.0 and earlier. Impact: an attacker who obtains exported settings can recover PowerShell credentials con...
CVE-2024-3545
CVE-2024-3545 involves Devolutions Remote Desktop Manager (Windows) version 2024.1.20 and earlier, and Devolutions Server version 2024.1.8 and earlier. The vulnerability stems from improper permission handling in the vault offline cache feature, which could allow an attacker with access to the in...
CVE-2023-1939
CVE-2023-1939 concerns a lack of access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager. Affected products: Windows 2022.3.33.0 and prior; Linux 2022.3.2.0 and prior. Impact: non-admin users can view OTP keys via the user interface. Root cause: insufficient authorizat...
CVE-2023-7047
The CVE-2023-7047 entry concerns Devolutions Remote Desktop Manager. Affected software: Devolutions Remote Desktop Manager versions 2023.3.31 and earlier. Root cause: inadequate validation of permissions when using remote tools and macros via the context menu. Impact: a user could initiate a conn...