7 matches found
CVE-2021-42098
CVE-2021-42098 affects Devolutions Remote Desktop Manager; there is an incomplete permission check on entries prior to version 2021.2.16, allowing permission bypass via batch custom PowerShell. The available connected documents indicate the issue stems from improper access control rather than a v...
CVE-2022-4287
The CVE-2022-4287 vulnerability affects Devolutions Remote Desktop Manager for Windows, specifically versions 2022.3.26 and earlier, where an authentication bypass in the local application lock feature allows a malicious user to access the application. The connected documents provide the affected...
CVE-2025-1193
CVE-2025-1193 affects Devolutions Remote Desktop Manager (Windows) prior to 2024.3.20.0, with the root cause described as improper host validation in the certificate validation component for 2024.3.19 and earlier. The vulnerability enables an attacker to intercept and modify encrypted communicati...
CVE-2022-3641
CVE-2022-3641 affects Devolutions Remote Desktop Manager: versions 2022.3.13–2022.3.24 expose an elevation-of-privilege vulnerability via the Azure SQL Data Source, allowing an authenticated user to spoof a privileged account. Root cause and technical details are described across multiple connect...
CVE-2024-12149
Affected software: Devolutions Remote Desktop Manager (Windows) up to version 2024.3.19.0 and earlier. Issue: Incorrect permission assignment in the Temporary Access Requests component, enabling an authenticated user who requests temporary permissions on an entry to obtain more privileges than re...
CVE-2024-11621
CVE-2024-11621 concerns missing certificate validation in Devolutions Remote Desktop Manager across macOS, iOS, Android, Linux and related tooling. The issue enables a man‑in‑the‑middle attack by intercepting and modifying encrypted communications, with impact described as high (confidentiality, ...
CVE-2026-12161
CVE-2026-12161 affects Devolutions Remote Desktop Manager 2026.2.7. The flaw is in the SSH Elevate Shell feature, where improper input validation allows an authenticated user (with permission to create/modify a shared SSH entry) to run arbitrary commands on a remote SSH host using stored elevatio...