Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Devolutions Inc.

#bfee16bd-18e6-446c-9a65-f5b2e3d89c23
PolicyEmail

Short Name

DEVOLUTIONS

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

devolutions.net

Country

Canada

Scope

All Devolutions products only.
Reported CVEsVendorsProductsReports
105Vulnerabilities found
CVE-2022-3182
Assigner-Devolutions Inc.
ShareView Details
Assigner-Devolutions Inc.
CVSS Score-7||HIGH
EPSS-0.05% / 13.78%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 19:27
Updated-03 Aug, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions.

Action-Not Available
Vendor-Devolutions
Product-remote_desktop_managerRemote Desktop Manager
CWE ID-CWE-284
Improper Access Control
CVE-2022-2316
Assigner-Devolutions Inc.
ShareView Details
Assigner-Devolutions Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.50% / 65.50%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 18:56
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.

Action-Not Available
Vendor-Devolutions
Product-devolutions_serverDevolutions Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2221
Assigner-Devolutions Inc.
ShareView Details
Assigner-Devolutions Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.41%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 18:38
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.

Action-Not Available
Vendor-Devolutions
Product-remote_desktop_managerRemote Desktop Manager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-1342
Assigner-Devolutions Inc.
ShareView Details
Assigner-Devolutions Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.06% / 18.51%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 16:09
Updated-17 Sep, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions.

Action-Not Available
Vendor-Devolutions
Product-remote_desktop_managerRemote Desktop Manager
CWE ID-CWE-549
Missing Password Field Masking
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-42098
Assigner-Devolutions Inc.
ShareView Details
Assigner-Devolutions Inc.
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.27%
||
7 Day CHG~0.00%
Published-18 Oct, 2021 | 13:22
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell.

Action-Not Available
Vendor-Devolutions
Product-remote_desktop_managerRemote Desktop Manager
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • 3
  • Next