cvebase

Devolutions Remote Desktop Manager vulnerabilities

53 known vulnerabilities affecting devolutions/remote_desktop_manager.

Total CVEs: 53
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 16, MEDIUM 28, LOW 3

Vulnerabilities

Page 3 of 3
CVE-2024-0589 | P4 | MEDIUM | CVSS 5.4 | ≤ 2023.3.36.0 | 2024-01-31
CWE-79: Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.
Source: NVD
CVE-2024-6055 | P4 | MEDIUM | CVSS 4.7 | fixed in 2024.2.8.0 | ≤ 2024.1.32.0 | 2024-06-17
CWE-212: Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover PowerShell credentials configured on the data source via stealing the configuration file.
Source: NVD
CVE-2021-23922 | P4 | MEDIUM | CVSS 5.4 | fixed in 2020.2.12.0 | 2021-04-01
CWE-79: An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews.
Source: NVD
CVE-2024-7421 | P4 | MEDIUM | CVSS 5.5 | fixed in 2024.3.10 | ≤ 2024.2.20 | 2024-09-25
CWE-532: An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions.
Source: NVD
CVE-2024-11672 | P4 | MEDIUM | CVSS 4.3 | fixed in 2024.3.10.0 | ≤ 2024.2.21.0 | 2024-11-25
CWE-863: Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
Source: NVD
CVE-2021-28047 | P4 | MEDIUM | CVSS 5.4 | fixed in 2021.1.0 | 2021-04-01
CWE-79: Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields.
Source: NVD
CVE-2023-7047 | P4 | MEDIUM | CVSS 4.4 | ≤ 2023.3.31.0 | 2023-12-21
CWE-863: Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources.
Source: NVD
CVE-2023-1939 | P4 | MEDIUM | CVSS 4.3 | ≤ 2022.3.2.0 | ≤ 2022.3.33.0 | +2 more | 2023-04-11
CWE-732: No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non-admin users to see OTP keys via the user interface.
Source: NVD
CVE-2024-3545 | P4 | MEDIUM | CVSS 4.3 | fixed in 2024.1.21.0 | ≤ 2024.1.20.0 | 2024-04-09
CWE-281: Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on Windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive information contained in the offline cache file by gaining access to a computer where the software is installed even though the offlin
Source: NVD
CVE-2022-1342 | P4 | MEDIUM | CVSS 4.6 | ≤ 2022.1.24 | ≥ unspecified, ≤ 2022.1.24 | 2022-06-15
CWE-549: A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Ma
Source: NVD
CVE-2025-2528 | P4 | LOW | CVSS 3.6 | fixed in 2024.3.31.0 | ≥ 2025.1.24.0, < 2025.1.26.0 | +2 more | 2025-03-26
CWE-285: Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.
Source: NVD
CVE-2026-0747 | P4 | LOW | CVSS 3.3 | ≥ 2025.3.24.0, < 2025.3.29.0 | ≥ 2025.3.24.0, ≤ 2025.3.28.0 | 2026-01-08
CWE-200: Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing.
Source: NVD
CVE-2023-0463 | P4 | LOW | CVSS 3.3 | v2022.3.29 | v2022.3.30 | +1 more | 2023-01-26
CWE-306: The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.
Source: NVD