CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2221
https://notcve.org/view.php?id=CVE-2022-2221
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. Una vulnerabilidad de exposición de información en My Account Settings de Devolutions Remote Desktop Manager versiones anteriores a 2022.1.8 permite a usuarios autenticados acceder a las credenciales de otros usuarios. Este problema afecta a: Devolutions Remote Desktop Manager versiones anteriores a 2022.1.8 • https://devolutions.net/security/advisories/DEVO-2022-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33995
https://notcve.org/view.php?id=CVE-2022-33995
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. Un problema de salto de ruta en los archivos adjuntos de entrada en Devolutions Remote Desktop Manager versiones anteriores a 2022.2, permite a atacantes crear o sobrescribir archivos en una ubicación arbitraria • https://devolutions.net • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1342
https://notcve.org/view.php?id=CVE-2022-1342
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. Una falta de enmascaramiento de contraseñas en Devolutions Remote Desktop Manager permite a atacantes físicamente próximos observar datos confidenciales. Un problema de almacenamiento en caché puede causar que los campos confidenciales a veces permanezcan revelados cuando es cerrado y vuelve a abrir un panel, lo que podría conllevar a una revelación involuntaria de información confidencial. • https://devolutions.net/security/advisories/DEVO-2022-0003 • CWE-522: Insufficiently Protected Credentials CWE-549: Missing Password Field Masking •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42098
https://notcve.org/view.php?id=CVE-2021-42098
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. Una comprobación de permisos incompleta en las entradas de Devolutions Remote Desktop Manager versiones anteriores a 2021.2.16, permite a atacantes omitir los permisos por medio de PowerShell personalizado por lotes • https://devolutions.net https://devolutions.net/security/advisories/DEVO-2021-0006 • CWE-276: Incorrect Default Permissions •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23922
https://notcve.org/view.php?id=CVE-2021-23922
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. Se detectó un problema en Devolutions Remote Desktop Manager versiones anteriores a 2020.2.12. Se presenta una vulnerabilidad de tipo cross-site scripting en las vistas web. • https://devolutions.net/security/advisories/devo-2021-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •