CVE-2023-1203

2023-03-0616:38:52

DEVOLUTIONS

www.cve.org

improper removal

sensitive data

hub business

devolutions remote desktop manager

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Hub Business submodule"
    ],
    "product": "Remote Desktop Manager PowerShell Module",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2022.3.1.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2023-0004