2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2023-1202" ,
"sourceIdentifier" : "security@devolutions.net" ,
"published" : "2023-04-02T21:15:08.250" ,
2023-11-07 21:03:21 +00:00
"lastModified" : "2023-11-07T04:02:51.707" ,
"vulnStatus" : "Modified" ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
2023-11-07 21:03:21 +00:00
"value" : "Permission bypass when importing or synchronizing entries\u00a0in User vault\n\n in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision."
2023-04-24 12:24:31 +02:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-863"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2023.1.10" ,
"matchCriteriaId" : "DF2F5F64-BFED-4D0D-95E8-BA3B53356C54"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://devolutions.net/security/advisories/DEVO-2023-0008" ,
"source" : "security@devolutions.net" ,
"tags" : [
"Vendor Advisory"
]
}
]
}
