cvebase

Devolutions Remote Desktop Manager vulnerabilities

53 known vulnerabilities affecting devolutions/remote_desktop_manager.

Total CVEs: 53
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 16, MEDIUM 28, LOW 3

Vulnerabilities

Page 2 of 3
CVE-2023-1980 | P3 | MEDIUM | CVSS 6.5 | ≤ 2022.3.35 | 2023-04-11
CVE-2023-1980 [MEDIUM] CWE-287: Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries.
nvd
CVE-2023-2282 | P3 | MEDIUM | CVSS 6.5 | ≤ 2023.1.22 | 2023-04-25
CVE-2023-2282 [MEDIUM]: Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.
nvd
CVE-2025-13683 | P3 | MEDIUM | CVSS 6.5 | fixed in 2025.3.25.0 | ≤ 2025.3.23.0 | 2025-11-28
CVE-2025-13683 [MEDIUM] CWE-200: Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows. This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.
nvd
CVE-2025-1636 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024.3.31.0 | ≤ 2024.3.29.0 | 2025-03-13
CVE-2025-1636 [MEDIUM] CWE-200: Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic.
nvd
CVE-2022-26964 | P3 | HIGH | CVSS 7.5 | fixed in 2022.1 | 2022-12-26
CVE-2022-26964 [HIGH] CWE-307: Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded.
nvd
CVE-2025-1635 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024.3.31.0 | ≤ 2024.3.29.0 | 2025-03-13
CVE-2025-1635 [MEDIUM] CWE-200: Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic.
nvd
CVE-2022-2221 | P3 | MEDIUM | CVSS 6.5 | fixed in 2022.1.8 | ≥ 2022.1.8, < 2022.1.8 | 2022-06-27
CVE-2022-2221 [MEDIUM] CWE-200: Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
nvd
CVE-2023-4417 | P3 | MEDIUM | CVSS 6.5 | ≤ 2023.2.19 | 2023-08-21
CVE-2023-4417 [MEDIUM]: Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
nvd
CVE-2022-3781 | P3 | MEDIUM | CVSS 6.5 | fixed in 2022.2.27 | ≤ 2022.2.26 | 2022-11-01
CVE-2022-3781 [MEDIUM] CWE-311: Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects: Remote Desktop Manager 2022.2.26 and prior versions. Devolutions
nvd
CVE-2023-1203 | P3 | MEDIUM | CVSS 6.5 | fixed in 2022.3.1.6 | 2023-03-10
CVE-2023-1203 [MEDIUM] CWE-200: Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.
nvd
CVE-2025-2600 | P3 | MEDIUM | CVSS 6.8 | fixed in 2024.3.31.0 | ≥ 2025.1.24.0, < 2025.1.26.0 +2 more | 2025-03-26
CVE-2025-2600 [MEDIUM] CWE-285: Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.
nvd
CVE-2023-1202 | P3 | MEDIUM | CVSS 6.5 | fixed in 2023.1.10 | ≤ 2023.1.9 | 2023-04-02
CVE-2023-1202 [MEDIUM] CWE-863: Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
nvd
CVE-2025-2499 | P4 | MEDIUM | CVSS 5.4 | fixed in 2024.3.31.0 | ≥ 2025.1.24.0, < 2025.1.26.0 +2 more | 2025-03-26
CVE-2025-2499 [MEDIUM] CWE-284: Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1
nvd
CVE-2023-1574 | P4 | MEDIUM | CVSS 6.5 | fixed in 2023.1.10 | ≤ 2023.1.9 | 2023-04-02
CVE-2023-1574 [MEDIUM] CWE-522: Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.
nvd
CVE-2024-11671 | P4 | MEDIUM | CVSS 5.4 | fixed in 2024.3.18.0 | ≤ 2024.3.17 | 2024-11-25
CVE-2024-11671 [MEDIUM] CWE-287: Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.
nvd
CVE-2022-3182 | P4 | HIGH | CVSS 7.0 | fixed in 2022.2.15 | ≥ unspecified, ≤ 2022.2.14 | 2022-09-13
CVE-2022-3182 [HIGH] CWE-284: Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions.
nvd
CVE-2024-2403 | P4 | MEDIUM | CVSS 5.9 | fixed in 2024.1.15.0 | ≤ 2024.1.12 | 2024-03-13
CVE-2024-2403 [MEDIUM] CWE-459: Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.
nvd
CVE-2024-11670 | P4 | MEDIUM | CVSS 5.4 | ≤ 2024.3.10.0 | 2024-11-25
CVE-2024-11670 [MEDIUM] CWE-863: Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.
nvd
CVE-2025-2562 | P4 | MEDIUM | CVSS 5.4 | fixed in 2024.3.31.0 | ≥ 2025.1.24.0, < 2025.1.26.0 +2 more | 2025-03-26
CVE-2025-2562 [MEDIUM] CWE-778: Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 20
nvd
CVE-2026-12162 | P4 | MEDIUM | CVSS 5.5 | fixed in 2026.2.9.0 | ≥ 2026.2.0, ≤ 2026.2.8 | 2026-06-16
CVE-2026-12162 [MEDIUM] CWE-297: Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.
nvd