CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3182
https://notcve.org/view.php?id=CVE-2022-3182
13 Sep 2022 — Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions. Una vulnerabilidad de Control de Acceso Inapropiado en el doble factor Duo SMS de Devolutions Remote Desktop Manager 2022.2.14 y anteriores, permite a atacantes omitir un bloqueo de la aplicación. Este problema afecta a: Devolutions Remote Deskto... • https://devolutions.net/security/advisories/DEVO-2022-0007 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2221
https://notcve.org/view.php?id=CVE-2022-2221
27 Jun 2022 — Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. Una vulnerabilidad de exposición de información en My Account Settings de Devolutions Remote Desktop Manager versiones anteriores a 2022.1.8 permite a usuarios autenticados acceder a las credenciales de otros usuarios. Este problema afecta a: Devolutio... • https://devolutions.net/security/advisories/DEVO-2022-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33995
https://notcve.org/view.php?id=CVE-2022-33995
21 Jun 2022 — A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. Un problema de salto de ruta en los archivos adjuntos de entrada en Devolutions Remote Desktop Manager versiones anteriores a 2022.2, permite a atacantes crear o sobrescribir archivos en una ubicación arbitraria • https://devolutions.net • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1342
https://notcve.org/view.php?id=CVE-2022-1342
15 Jun 2022 — A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. Una falta de enmascaramiento de contraseñas en Devolutions Remote Desktop Manager permite a atacantes físicamente p... • https://devolutions.net/security/advisories/DEVO-2022-0003 • CWE-522: Insufficiently Protected Credentials CWE-549: Missing Password Field Masking •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42098
https://notcve.org/view.php?id=CVE-2021-42098
18 Oct 2021 — An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. Una comprobación de permisos incompleta en las entradas de Devolutions Remote Desktop Manager versiones anteriores a 2021.2.16, permite a atacantes omitir los permisos por medio de PowerShell personalizado por lotes • https://devolutions.net • CWE-276: Incorrect Default Permissions •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23922
https://notcve.org/view.php?id=CVE-2021-23922
01 Apr 2021 — An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. Se detectó un problema en Devolutions Remote Desktop Manager versiones anteriores a 2020.2.12. Se presenta una vulnerabilidad de tipo cross-site scripting en las vistas web. • https://devolutions.net/security/advisories/devo-2021-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28047
https://notcve.org/view.php?id=CVE-2021-28047
01 Apr 2021 — Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. Cross-Site Scripting (XSS) en Administrative Reports en Devolutions Remote Desktop Manager versiones anteriores a 2021.1, permite a los usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de múltiples campos de entrada. • https://devolutions.net/security/advisories/devo-2021-0003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •