CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1980
https://notcve.org/view.php?id=CVE-2023-1980
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries. • https://devolutions.net/security/advisories/DEVO-2023-0009 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1202
https://notcve.org/view.php?id=CVE-2023-1202
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision. • https://devolutions.net/security/advisories/DEVO-2023-0008 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1574
https://notcve.org/view.php?id=CVE-2023-1574
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. • https://devolutions.net/security/advisories/DEVO-2023-0006 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4287
https://notcve.org/view.php?id=CVE-2022-4287
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application. La omisión de autenticación en la función de bloqueo de aplicaciones locales en Devolutions Remote Desktop Manager 2022.3.26 y versiones anteriores en Windows permite que usuarios malintencionados accedan a la aplicación. • https://devolutions.net/security/advisories/DEVO-2022-0011 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3641
https://notcve.org/view.php?id=CVE-2022-3641
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account. La elevación de privilegios en la fuente de datos SQL de Azure en Devolutions Remote Desktop Manager 2022.3.13 a 2022.3.24 permite a un usuario autenticado falsificar una cuenta privilegiada. • https://devolutions.net/security/advisories/DEVO-2022-0010 •