CVE-2024-2403
Published 2024-03-13
Priority P4 · 31 · medium · 5.9 CVSS 3.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.42% (33.8th percentile)
Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | remote_desktop_manager | < 2024.1.15.0 | 2024.1.15.0 |
| devolutions | remote_desktop_manager | <= 2024.1.12 | — |
GHSA
GHSA-qp87-27q4-8526: Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024
ghsa_unreviewed·2024-03-13
CVE-2024-2403 [MEDIUM] CWE-459 GHSA-qp87-27q4-8526: Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024
Citrix
Citrix Workspace app for Windows Security Bulletin CVE-2024-6286
vendor_citrix·2024-07-11·CVSS 8.5
CVE-2024-6286 [HIGH] CWE-269 Citrix Workspace app for Windows Security Bulletin CVE-2024-6286
of Problem
A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Refer to below for further details:
Details
CVE References: CVE-2024-6286
Affected Products: Citrix Workspace app, XenServer
Severity: High
CVSS Score: 8.5
Remediation:
Citrix strongly recommends that customers upgrade their Citrix Workspace app for Windows to versions that contain the fixes as soon as possible. Citrix Workspace app for Windows versions that contain the fixes are:
- Current Release (CR): Citrix Workspace app for Windows 2403.1 and later versions
- Long Term Service Release (LTSR): Citrix Workspace app for Windows 2402 LTSR and later versions
- Citrix Workspace app for Windows 2203.1 LTSR CU6 Hotfix 2 and later version
Suricata
ET WEB_SPECIFIC_APPS Microsoft Configuration Manager Unauthenticated SQL Injection (CVE-2024-43468)
suricata·2025-01-27·CVSS 9.8
CVE-2024-43468 [CRITICAL] ET WEB_SPECIFIC_APPS Microsoft Configuration Manager Unauthenticated SQL Injection (CVE-2024-43468)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Microsoft Configuration Manager Unauthenticated SQL Injection (CVE-2024-43468)"; flow:established,to_server; http.method; content:"CCM_POST"; http.uri; content:"/ccm_system/request"; fast_pattern; http.request_body; content:"U|00|I|00|D|00|:|00|"; pcre:"/^[^\x22]{36,100}[\x3b\x26\x60\x7c\x24]/R"; reference:url,www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections; reference:cve,2024-43468; classtype:web-application-attack; sid:2059681; rev:2; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_01_27, cve CVE_2024_43468, deployment Perimeter, de
No writeups or analysis indexed.