Lucene search
K
DevolutionsRemote Desktop Manager

12 matches found

CVE
CVE
added 2022/06/27 6:38 p.m.80 views

CVE-2022-2221

CVE-2022-2221 concerns an Information Exposure vulnerability in the Devolutions Remote Desktop Manager product. The issue affects versions prior to 2022.1.8 and resides in the My Account Settings area, where authenticated users could access credentials of other users. The connected documents conf...

6.5CVSS6.3AI score0.01108EPSS
CVE
CVE
added 2022/11/01 6:28 p.m.75 views

CVE-2022-3781

CVE-2022-3781 affects Devolutions Remote Desktop Manager (versions 2022.2.26 and earlier) and Devolutions Server (versions 2022.3.1 and earlier). The root cause is that Dashlane passwords and Keepass Server passwords stored in My Account Settings are not encrypted in the database, allowing databa...

6.5CVSS6.5AI score0.00434EPSS
CVE
CVE
added 2023/03/06 4:38 p.m.74 views

CVE-2023-1203

CVE-2023-1203 affects Devolutions Remote Desktop Manager PowerShell Module, Hub Business submodule. The vulnerability stems from improper removal of sensitive data during entry edits, allowing an authenticated user to access sensitive data on entries edited with the affected submodule. Affected v...

6.5CVSS6.4AI score0.01056EPSS
CVE
CVE
added 2025/03/26 5:37 p.m.74 views

CVE-2025-2600

CVE-2025-2600 affects Devolutions Remote Desktop Manager for Windows. The vulnerability is an improper authorization in the variable component that allows an authenticated user to use the ELEVATED_PASSWORD variable despite the Allow password in variable policy. Affected versions include 2025.1.24...

6.8CVSS6.4AI score0.00384EPSS
CVE
CVE
added 2025/03/13 12:47 p.m.73 views

CVE-2025-1635

CVE-2025-1635 affects Devolutions Remote Desktop Manager (Windows) versions 2024.3.29 and earlier. The hub data source export feature can expose a user’s authenticated session in the exported data due to a faulty business logic. This leads to potential information exposure with a CVSS v3.1 base s...

6.5CVSS6.1AI score0.01585EPSS
CVE
CVE
added 2023/03/23 5:12 p.m.71 views

CVE-2023-1202

Devolutions Remote Desktop Manager (RDM) 2023.1.9 and earlier versions are affected by a permission-bypass flaw in the User vault: under ID collision, a user with restricted rights can bypass entry permissions during import or synchronization. The vulnerability affects the ability to control acce...

6.5CVSS6.5AI score0.00439EPSS
CVE
CVE
added 2025/03/13 12:47 p.m.62 views

CVE-2025-1636

The CVE-2025-1636 issue affects Devolutions Remote Desktop Manager up to version 2024.3.29 on Windows, where a faulty business logic in the My Personal Credentials password history component can allow an authenticated user to inadvertently leak credentials from a shared vault via the clear histor...

6.5CVSS6.3AI score0.01585EPSS
CVE
CVE
added 2023/03/22 12:50 p.m.54 views

CVE-2023-1574

Devolutions Remote Desktop Manager ≤ 2023.1.9 (Windows) has an information-disclosure flaw in the MSSQL user-creation feature: the error dialog reveals the password in clear text when UI access is available. Impact is confidential data exposure with low user interaction, no exploitation vector be...

6.5CVSS6.3AI score0.00482EPSS
CVE
CVE
added 2023/08/21 6:38 p.m.54 views

CVE-2023-4417

The CVE-2023-4417 issue affects Devolutions Remote Desktop Manager for Windows up to 2023.2.19, caused by improper access controls in the entry duplication component. An authenticated user can, under certain conditions, share a personal vault entry with shared vaults via an incorrect vault during...

6.5CVSS6.4AI score0.00448EPSS
CVE
CVE
added 2023/04/11 5:44 p.m.47 views

CVE-2023-1980

CVE-2023-1980: Devolutions Remote Desktop Manager (versions ≤ 2022.3.35) contains a two-factor authentication bypass that lets an attacker cancel 2FA via the application UI and access entries. The vulnerability is evidenced in multiple databases (NVD, CVE listings) with a CVSSv3.1 base score of 6...

6.5CVSS6.6AI score0.00515EPSS
CVE
CVE
added 2023/04/25 6:23 p.m.40 views

CVE-2023-2282

Devolutions Remote Desktop Manager suffers improper access control in the Web Login listener (affecting 2023.1.22 and earlier). An authenticated user can bypass administrator-imposed Web Login restrictions and access restricted entries via an unexpected vector. The NVD CVE entry lists a MEDIUM/LO...

6.5CVSS6.5AI score0.00422EPSS
CVE
CVE
added 2025/11/28 5:0 p.m.19 views

CVE-2025-13683

CVE-2025-13683 describes exposure of credentials via unintended requests in Devolutions Server and Devolutions Remote Desktop Manager on Windows. Affected versions: Devolutions Server up to 2025.3.8.0 and Remote Desktop Manager up to 2025.3.23.0. Impact is high confidentiality exposure over netwo...

6.5CVSS6.7AI score0.00346EPSS