Devolutions

Remote Desktop Manager

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2025-1193

  • EPSS 0.05%
  • Veröffentlicht 10.02.2025 14:15:30
  • Zuletzt bearbeitet 28.03.2025 16:20:35

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenti...

8.8

CVE-2024-11621

  • EPSS 0.06%
  • Veröffentlicht 10.02.2025 14:15:29
  • Zuletzt bearbeitet 28.03.2025 16:20:47

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager mac...

8.1

CVE-2024-12149

  • EPSS 0.23%
  • Veröffentlicht 04.12.2024 18:15:12
  • Zuletzt bearbeitet 28.03.2025 16:21:47

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than...

4.3

CVE-2024-11672

  • EPSS 0.11%
  • Veröffentlicht 25.11.2024 15:15:07
  • Zuletzt bearbeitet 28.03.2025 16:21:52

Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.

5.4

CVE-2024-11671

  • EPSS 0.08%
  • Veröffentlicht 25.11.2024 15:15:07
  • Zuletzt bearbeitet 28.03.2025 16:21:57

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.

5.4

CVE-2024-11670

  • EPSS 0.03%
  • Veröffentlicht 25.11.2024 15:15:05
  • Zuletzt bearbeitet 28.03.2025 16:22:03

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.

5.5

CVE-2024-7421

  • EPSS 0.1%
  • Veröffentlicht 25.09.2024 16:15:11
  • Zuletzt bearbeitet 17.03.2025 15:15:42

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP se...

7.4

CVE-2024-6492

  • EPSS 0.55%
  • Veröffentlicht 16.07.2024 19:15:13
  • Zuletzt bearbeitet 28.03.2025 16:22:07

Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website.

7.2

CVE-2024-6354

  • EPSS 0.13%
  • Veröffentlicht 26.06.2024 17:15:27
  • Zuletzt bearbeitet 28.03.2025 16:19:33

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard.

9.8

CVE-2024-6057

  • EPSS 0.24%
  • Veröffentlicht 17.06.2024 13:15:53
  • Zuletzt bearbeitet 28.03.2025 16:23:36

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.