PT-2024-37349 · Devolutions · Devolutions Remote Desktop Manager

Published

2024-06-17

Updated

2026-01-05

CVE-2024-6055

CVSS v3.1

4.7

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.1.32.0 and earlier

Description: The issue concerns the improper removal of sensitive information in the data source export feature, allowing an attacker who obtains the exported settings to recover PowerShell credentials configured on the data source by stealing the configuration file.

Recommendations: For Devolutions Remote Desktop Manager versions 2024.1.32.0 and earlier, update to a version that contains a fix for this issue to prevent the recovery of sensitive information.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-212

Related Identifiers

CVE-2024-6055

Affected Products

Devolutions Remote Desktop Manager

PT-2024-37349 · Devolutions · Devolutions Remote Desktop Manager

CVE-2024-6055

Weakness Enumeration

Related Identifiers

Affected Products

References · 7