Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.
History

Mon, 04 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-281
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published: 2024-04-09T19:01:43.329Z

Updated: 2024-11-04T16:46:03.419Z

Reserved: 2024-04-09T18:43:05.078Z

Link: CVE-2024-3545

cve-icon Vulnrichment

Updated: 2024-08-01T20:12:07.633Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-09T19:15:41.380

Modified: 2024-11-21T09:29:50.790

Link: CVE-2024-3545

cve-icon Redhat

No data.