10 matches found
CVE-2021-23922
CVE-2021-23922 refers to a cross-site scripting (XSS) vulnerability in Devolutions Remote Desktop Manager (webviews) affecting versions prior to 2020.2.12 . The issue is documented across multiple sources (NVD/CNVD/CVE listings) with CVSS metrics indicating a network-exposed vulnerability, mitiga...
CVE-2024-7421
The vulnerability CVE-2024-7421 affects Devolutions Remote Desktop Manager (versions up to 2024.2.20.0) on Windows. The issue is an information exposure where credentials used for WinSCP sessions can be retrieved by local attackers who can access system logs, via passwords found in command-line a...
CVE-2021-28047
CVE-2021-28047 affects Devolutions Remote Desktop Manager. The vulnerability is a Cross-Site Scripting (XSS) in Administration Reports present in versions prior to 2021.1, exploitable by a remote authenticated user who can inject arbitrary web script or HTML via multiple input fields. The connect...
CVE-2024-11670
The CVE-2024-11670 issue affects Devolutions Remote Desktop Manager (Windows) versions 2024.2.21 and earlier, due to incorrect authorization in the permission validation component that lets an authenticated user bypass the View Password permission. Documents from Red Hat, Tenable Nessus, CVE list...
CVE-2024-11671
CVE-2024-11671 concerns Devolutions Remote Desktop Manager on Windows. Multiple sources confirm an improper authentication flaw in the SQL data source MFA validation, enabling an authenticated user to bypass MFA by switching data sources. Affected product/version: Devolutions Remote Desktop Manag...
CVE-2025-2499
CVE-2025-2499 affects Devolutions Remote Desktop Manager for Windows. The issue is a client-side access control bypass in the permission component, allowing an authenticated user to bypass specific restrictions (View Password, Edit Asset, Edit Permissions) by performing certain actions. Affected ...
CVE-2024-0589
CVE-2024-0589 is an XSS vulnerability in Devolutions Remote Desktop Manager (RDM) for Windows, affecting version 2023.3.36 and earlier. The issue resides in the entry overview tab, where an attacker with access to a data source can inject a malicious script via a specially crafted input in an ent...
CVE-2025-2562
CVE-2025-2562 describes insufficient logging in the autotyping feature of Devolutions Remote Desktop Manager for Windows, enabling an authenticated user to use a stored password without generating a log event. Affected versions are 2025.1.24–2025.1.25 and all versions up to 2024.3.29. Remediation...
CVE-2024-2403
CVE-2024-2403 affects Devolutions Remote Desktop Manager prior to 2024.1.12 on Windows. The root cause is improper cleanup in the temporary file handling component, which may allow an attacker who has already compromised a user endpoint to access sensitive information via residual files in the te...
CVE-2026-12162
The CVE-2026-12162 entry affects Devolutions Remote Desktop Manager 2026.2.8, due to an improper host validation in the social login autofill feature. The underlying issue allows an attacker to disclose stored social login credentials by pointing a crafted web entry to a provider domain that look...