Portal Portal Forum Forum Devolutions Force Devolutions Force Devolutions Hub Business Devolutions Hub Business Devolutions Hub Personal Devolutions Hub Personal Download RDM RDM Workspace Workspace Launcher Launcher

Security & Compliance

Security & Compliance Reporting a Security Issue Advisories

DEVO-2022-0008

Summary

Database connections are not closed properly on MySQL data sources after a user is deleted which could allow them to access unauthorized data.

Affected Products

Remote Desktop Manager 2022.3.7 and earlier.

Change Log

Initial publication - 2022-11-01

Severity

Medium

Product

Remote Desktop Manager

Fix Version

2022.3.8

Database connections for deleted users not closed on MySQL data sources

Description

Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.

Remediation and Workarounds

Upgrade to Remote Desktop Manager 2022.3.8 and later.

Severity

Medium - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

Remote Desktop Manager 2022.3.7 and earlier.

CVE(s)

CVE-2022-3780