Headline
CVE-2022-3780: DEVO-2022-0008
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions.
Call me
Live Chat
Log in
Security & Compliance Reporting a Security Issue Advisories
Affected Products
Remote Desktop Manager 2022.3.7 and earlier.
Change Log
Initial publication - 2022-11-01
Product
Remote Desktop Manager
Summary
Database connections are not closed properly on MySQL data sources after a user is deleted which could allow them to access unauthorized data.
Database connections for deleted users not closed on MySQL data sources
Description
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.
Remediation and Workarounds
Upgrade to Remote Desktop Manager 2022.3.8 and later.
Severity
Medium - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
Remote Desktop Manager 2022.3.7 and earlier.