Portal Portal Forum Forum Devolutions Force Devolutions Force Devolutions Hub Business Devolutions Hub Business Devolutions Hub Personal Devolutions Hub Personal Download RDM RDM Workspace Workspace Launcher Launcher

Security & Compliance

Security & Compliance Reporting a Security Issue Advisories

DEVO-2022-0010

Summary

Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.

Affected Products

Remote Desktop Manager 2022.3.13 to 2022.3.24.

Change Log

Initial publication - 2022-12-7

Severity

Medium

Product

Remote Desktop Manager

Fix Version

2022.3.26

Remote Desktop Manager Azure SQL privilege escalation

Description

Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.

Remediation and Workarounds

Update to Remote Desktop Manager 2022.3.26 or higher.

Severity

High - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

Remote Desktop Manager 2022.3.13 to 2022.3.24

CVE(s)

CVE-2022-3641