CVE-2022-3780

Published: Nov 1, 2022Modified: May 5, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions.

Affected (1)

Products: Devolutions: Remote Desktop Manager

1 product

Remote Desktop Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Devolutions Remote Desktop Manager	Before 2022.3.8

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://devolutions.net/security/advisories/DEVO-2022-0008

Source: security@devolutions.net

Vendor Advisory

https://devolutions.net/security/advisories/DEVO-2022-0008

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.