- Description
- Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.
- Source
- security@devolutions.net
- NVD status
- Analyzed
- Products
- remote_desktop_manager
CVSS 3.1
- Type
- Secondary
- Base score
- 3.6
- Impact score
- 2.5
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity
- LOW
- security@devolutions.net
- CWE-285
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*",
"matchCriteriaId": "0C146019-3232-4413-BB31-AC876E37BFE5",
"versionEndExcluding": "2024.3.31.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*",
"matchCriteriaId": "183673B7-2357-4FA7-98E7-32F986B65BC3",
"versionEndExcluding": "2024.3.31.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*",
"matchCriteriaId": "3A6A560B-95F7-419D-8B56-7327BC2164B1",
"versionEndExcluding": "2025.1.26.0",
"versionStartIncluding": "2025.1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*",
"matchCriteriaId": "367DF58A-9A33-46BD-AB77-74B7B8A4E48E",
"versionEndExcluding": "2025.1.26.0",
"versionStartIncluding": "2025.1.24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]