
CVE-2024-6057
https://notcve.org/view.php?id=CVE-2024-6057
17 Jun 2024 — Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised access to an RDM instance to bypass the vault master password via the offline mode feature. • https://devolutions.net/security/advisories/DEVO-2024-0008 • CWE-287: Improper Authentication •

CVE-2024-3545
https://notcve.org/view.php?id=CVE-2024-3545
09 Apr 2024 — Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on Windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive information contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled. • https://devolutions.net/security/advisories/DEVO-2024-0006 • CWE-281: Improper Preservation of Permissions •

CVE-2024-2921
https://notcve.org/view.php?id=CVE-2024-2921
26 Mar 2024 — Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions. • https://devolutions.net/security/advisories/DEVO-2024-0005 • CWE-306: Missing Authentication for Critical Function •

CVE-2024-2915
https://notcve.org/view.php?id=CVE-2024-2915
26 Mar 2024 — Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request. • https://devolutions.net/security/advisories/DEVO-2024-0005 • CWE-863: Incorrect Authorization •

CVE-2024-2403
https://notcve.org/view.php?id=CVE-2024-2403
13 Mar 2024 — Improper cleanup in the temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory. • https://github.com/ELIZEUOPAIN/CVE-2024-24035 • CWE-459: Incomplete Cleanup •

CVE-2024-1898
https://notcve.org/view.php?id=CVE-2024-1898
05 Mar 2024 — Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low-privileged user to change notification settings configured by an administrator. • https://devolutions.net/security/advisories/DEVO-2024-0002 • CWE-284: Improper Access Control •

CVE-2024-0589
https://notcve.org/view.php?id=CVE-2024-0589
31 Jan 2024 — Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. • https://devolutions.net/security/advisories/DEVO-2024-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-7047
https://notcve.org/view.php?id=CVE-2023-7047
21 Dec 2023 — Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. • https://devolutions.net/security/advisories/DEVO-2023-0024 • CWE-863: Incorrect Authorization •

CVE-2023-6593
https://notcve.org/view.php?id=CVE-2023-6593
12 Dec 2023 — Client-side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction. • https://devolutions.net/security/advisories/DEVO-2023-0023 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2023-6588
https://notcve.org/view.php?id=CVE-2023-6588
07 Dec 2023 — Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline. • https://devolutions.net/security/advisories/DEVO-2023-0022 •