Vulnerabilities > Devolutions > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-6593 Incorrect Permission Assignment for Critical Resource vulnerability in Devolutions Remote Desktop Manager
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.
network
low complexity
devolutions CWE-732
critical
9.8
2023-11-01 CVE-2023-5765 Unspecified vulnerability in Devolutions Remote Desktop Manager
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.
network
low complexity
devolutions
critical
9.8
2023-11-01 CVE-2023-5766 Unspecified vulnerability in Devolutions Remote Desktop Manager
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.
network
low complexity
devolutions
critical
9.8
2023-08-21 CVE-2023-4373 Improper Authentication vulnerability in Devolutions Remote Desktop Manager
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.
network
low complexity
devolutions CWE-287
critical
9.8