12 matches found
CVE-2022-2221
CVE-2022-2221 concerns an Information Exposure vulnerability in the Devolutions Remote Desktop Manager product. The issue affects versions prior to 2022.1.8 and resides in the My Account Settings area, where authenticated users could access credentials of other users. The connected documents conf...
CVE-2022-3781
CVE-2022-3781 affects Devolutions Remote Desktop Manager (versions 2022.2.26 and earlier) and Devolutions Server (versions 2022.3.1 and earlier). The root cause is that Dashlane passwords and Keepass Server passwords stored in My Account Settings are not encrypted in the database, allowing databa...
CVE-2023-1203
CVE-2023-1203 affects Devolutions Remote Desktop Manager PowerShell Module, Hub Business submodule. The vulnerability stems from improper removal of sensitive data during entry edits, allowing an authenticated user to access sensitive data on entries edited with the affected submodule. Affected v...
CVE-2025-2600
CVE-2025-2600 affects Devolutions Remote Desktop Manager for Windows. The vulnerability is an improper authorization in the variable component that allows an authenticated user to use the ELEVATED_PASSWORD variable despite the Allow password in variable policy. Affected versions include 2025.1.24...
CVE-2025-1635
CVE-2025-1635 affects Devolutions Remote Desktop Manager (Windows) versions 2024.3.29 and earlier. The hub data source export feature can expose a user’s authenticated session in the exported data due to a faulty business logic. This leads to potential information exposure with a CVSS v3.1 base s...
CVE-2023-1202
Devolutions Remote Desktop Manager (RDM) 2023.1.9 and earlier versions are affected by a permission-bypass flaw in the User vault: under ID collision, a user with restricted rights can bypass entry permissions during import or synchronization. The vulnerability affects the ability to control acce...
CVE-2025-1636
The CVE-2025-1636 issue affects Devolutions Remote Desktop Manager up to version 2024.3.29 on Windows, where a faulty business logic in the My Personal Credentials password history component can allow an authenticated user to inadvertently leak credentials from a shared vault via the clear histor...
CVE-2023-1574
Devolutions Remote Desktop Manager ≤ 2023.1.9 (Windows) has an information-disclosure flaw in the MSSQL user-creation feature: the error dialog reveals the password in clear text when UI access is available. Impact is confidential data exposure with low user interaction, no exploitation vector be...
CVE-2023-4417
The CVE-2023-4417 issue affects Devolutions Remote Desktop Manager for Windows up to 2023.2.19, caused by improper access controls in the entry duplication component. An authenticated user can, under certain conditions, share a personal vault entry with shared vaults via an incorrect vault during...
CVE-2023-1980
CVE-2023-1980: Devolutions Remote Desktop Manager (versions ≤ 2022.3.35) contains a two-factor authentication bypass that lets an attacker cancel 2FA via the application UI and access entries. The vulnerability is evidenced in multiple databases (NVD, CVE listings) with a CVSSv3.1 base score of 6...
CVE-2023-2282
Devolutions Remote Desktop Manager suffers improper access control in the Web Login listener (affecting 2023.1.22 and earlier). An authenticated user can bypass administrator-imposed Web Login restrictions and access restricted entries via an unexpected vector. The NVD CVE entry lists a MEDIUM/LO...
CVE-2025-13683
CVE-2025-13683 describes exposure of credentials via unintended requests in Devolutions Server and Devolutions Remote Desktop Manager on Windows. Affected versions: Devolutions Server up to 2025.3.8.0 and Remote Desktop Manager up to 2025.3.23.0. Impact is high confidentiality exposure over netwo...