CVE-2023-4417
published 2023-08-21
CVE-2023-4417: Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an…
Priority P3 · 37 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.45% (35.8th percentile)
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | remote_desktop_manager | <= 2023.2.19 | — |
| msrc | microsoft_sharepoint_enterprise_server_2016 | — | — |
| msrc | microsoft_sharepoint_server_2019 | — | — |
| msrc | microsoft_sharepoint_server_subscription_edition | — | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc · 7.2 HIGH
GHSA
GHSA-wvwh-qqm2-5v6g: Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023
ghsa_unreviewed·2023-08-21
CVE-2023-4417 [MEDIUM] GHSA-wvwh-qqm2-5v6g: Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023
Microsoft
Microsoft SharePoint Server Remote Code Execution Vulnerability
vendor_msrc·2023-05-09·CVSS 7.2
CVE-2023-24955 [HIGH] CWE-94 Microsoft SharePoint Server Remote Code Execution Vulnerability
FAQ: How could an attacker exploit the vulnerability?
In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server.
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely; DOS: N/A
Reference: https://www.microsoft.com/download/details.aspx?familyid=7a299fb3-33f2-4417-809d-7bf31da6d14e
Reference: https://support.microsoft.com/help/5002397
Reference: https://www.microsoft.com/download/details.aspx?familyid=c9190144-e85b-4ded-9b6f-cc9b295054f3
Reference: https://support.microsoft.co
Microsoft
Microsoft SharePoint Server Spoofing Vulnerability
vendor_msrc·2023-05-09·CVSS 6.5
CVE-2023-24950 [MEDIUM] CWE-20 Microsoft SharePoint Server Spoofing Vulnerability
FAQ: How could an attacker exploit the vulnerability?
In a network-based attack an attacker who has privileges to create a site on a vulnerable SharePoint server could use this vulnerability to cause the server to leak its NTLM hash.
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely; DOS: N/A
Reference: https://www.microsoft.com/download/details.aspx?familyid=7a299fb3-33f2-4417-809d-7bf31da6d14e
Reference: https://support.microsoft.com/help/5002397
Reference: https://www.microsoft.com/download/details.aspx?familyid=c9190144-e85b-4ded-9b6f-cc9b295054f3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-08-21