CVE-2024-6055

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
DEVOLUTIONSCNA
---
---
CISA-ADPADP
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
devolutionsremote_desktop_manager
𝑥
< 2024.2.8.0
devolutionsremote_desktop_manager
𝑥
< 2024.2.8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://devolutions.net/security/advisories/DEVO-2024-0008
https://devolutions.net/security/advisories/DEVO-2024-0008