Follow Devolutions Security Advisories, filter it, and define how you want to receive the news (via Email, RSS, Telegram, WhatsApp etc.) https://follow.it/devolutions-security-advisories Tue, 31 Jan 2023 08:34:33 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHvdkkqW9-KFwyqbel3Iu4GjH Remote Desktop Manager is affected by a low severity vulnerability.]]> Tue, 24 Jan 2023 18:36:40 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHvdkkqW9-KFwyqbel3Iu4GjH https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHvdN8Gp1GIn0hrmyhX6zo8SW Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager  2022.3.26 and earlier on Windows allows malicious user to access the application.]]> Tue, 20 Dec 2022 16:11:45 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHvdN8Gp1GIn0hrmyhX6zo8SW https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHvcv403LA8BVSi1Ly282xAAw Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.]]> Wed, 07 Dec 2022 16:27:10 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHvcv403LA8BVSi1Ly282xAAw https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyGW0GqTRQSgk The MSI installers for Devolutions Server Console and Remote Desktop Manager were vulnerable to a local privilege escalation. This issue is caused by a vulnerability in the Advanced Installer product. The following Advanced Installer release fixes this issue : https://www.advancedinstaller.com/release-20.1.html]]> Thu, 17 Nov 2022 23:07:01 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyGW0GqTRQSgk https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyM4HQhe4ZUzd Dashlane password and Keepass Server password in My Account Settings is stored unencrypted in the database.]]> Mon, 31 Oct 2022 22:19:38 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyM4HQhe4ZUzd https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyEQqW5gBv7mX Database connections are not closed properly on MySQL data sources after a user is deleted which could allow them to access unauthorized data.]]> Mon, 31 Oct 2022 21:37:49 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyEQqW5gBv7mX https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyOm6srrLMsqK It is possible to bypass the application lock in Remote Desktop Manager when Duo SMS two-factor is used.]]> Mon, 12 Sep 2022 21:34:44 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyOm6srrLMsqK https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyOifqJurszLU Multiple vulnerabilities were fixed in Devolutions Server 2022.2.]]> Mon, 13 Jun 2022 20:52:55 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyOifqJurszLU https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyJu9CxXrVx4c An arbitrary file write in entry attachments was fixed in Remote Desktop Manager 2022.2]]> Mon, 13 Jun 2022 19:21:04 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyJu9CxXrVx4c https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyEGb1Jh49AJn Credentials in My Account Settings are accessible to other users when stored in the database.]]> Mon, 02 May 2022 21:12:53 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyEGb1Jh49AJn https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyOGkz6RCC25z A vulnerability can reduce the strength of some passwords when exporting data in Remote Desktop Manager.]]> Wed, 09 Mar 2022 21:59:04 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyOGkz6RCC25z https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyFhGNgNo2_0q An issue was identified where masked fields would sometime stay revealed when reopening a panel.]]> Fri, 25 Feb 2022 19:03:50 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyFhGNgNo2_0q https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyAVLTsI7B9NX A vulnerability was fixed in Devolutions Password Hub for iOS where the FaceID application lock could be bypassed.]]> Fri, 21 Jan 2022 19:57:16 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyAVLTsI7B9NX https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyOQEmsPXZ5C9 An incomplete permission check allows users to perform operations on entries without the required permissions when using the batch "Custom Powershell" action.]]> Thu, 07 Oct 2021 15:52:00 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyOQEmsPXZ5C9 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyGsGk81fO-bN A vulnerability was fixed were private key were returned unencrypted by the connections/partial endpoint.]]> Wed, 30 Jun 2021 04:15:52 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyGsGk81fO-bN https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyB-xWH3zZqEA Plusieurs vulnérabilités ont été corrigés dans Devolutions Server.]]> Mon, 12 Apr 2021 16:52:38 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyB-xWH3zZqEA https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyGw5Ur-z5Bww Multiple vulnerabilities were fixed in Devolutions Server 2020.3.]]> Mon, 12 Apr 2021 16:42:05 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyGw5Ur-z5Bww https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyBhSCv31NykC A Cross-Site Scripting (XSS) vulnerability was fixed in Remote Desktop Manager.]]> Mon, 12 Apr 2021 16:42:05 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyBhSCv31NykC https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyBeIF_fEM9tn A cross-site scripting (XSS) vulnerability was fixed in Remote Desktop Manager.]]> Mon, 12 Apr 2021 16:42:05 +0200 https://api.follow.it/track-rss-story-click/v3/ipv4Lh8GHveqQappK1yNyBeIF_fEM9tn