Lucene search

[email protected]CVE-2022-3780

HistoryNov 01, 2022 - 7:15 p.m.

CVE-2022-3780

2022-11-0119:15:11

CWE-284

[email protected]

web.nvd.nist.gov

database

connections

remote desktop manager

cve-2022-3780

security issue

mysql

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

JSON

Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data.

This issue affects :
Remote Desktop Manager 2022.3.7 and prior versions.

Affected configurations

NVD

Node

devolutionsremote_desktop_managerRange<2022.3.8

CPENameOperatorVersion
devolutions:remote_desktop_managerdevolutions remote desktop managerlt2022.3.8

CPE	Name	Operator	Version
devolutions:remote_desktop_manager	devolutions remote desktop manager	lt	2022.3.8

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Remote Desktop Manager",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2022.3.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2022-0008

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for CVE-2022-3780

nvd1 prion1 cvelist1