Headline
CVE-2023-2282: Devolutions
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.
DEVO-2023-0012
Affected Products
Remote Desktop Manager Windows 2023.1.22 and earlier.
Change Log
Initial Publication - 2023-04-25
Severity
Low
Product
Remote Desktop Manager Windows
Fix Version
2023.1.23
Summary
Remote Desktop Manager Windows is affected by a security vulnerability.
Web Login application restriction bypass
Description
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.
Remediation and Workarounds
Upgrade to Remote Desktop Manager Windows 2023.1.23 or later.
Severity
Low - 3.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products
Remote Desktop Manager Windows 2023.1.22 and earlier.
CVE(s)
CVE-2023-2282