CVE-2024-7421

EPSS 0.1%
Veröffentlicht 25.09.2024 16:15:11
Zuletzt bearbeitet 17.03.2025 15:15:42
Quelle security@devolutions.net
CVE-Watchlists
Login
Unerledigt
Login

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Devolutions ≫ Remote Desktop Manager Version < 2024.3.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.278

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://devolutions.net/security/advisories/DEVO-2024-0014

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7421

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7421

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7421

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-7421