An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions
References
Link | Resource |
---|---|
https://devolutions.net/security/advisories/DEVO-2024-0014 | Vendor Advisory |
Configurations
History
01 Oct 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
First Time |
Devolutions
Devolutions remote Desktop Manager |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CPE | cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:* | |
References | () https://devolutions.net/security/advisories/DEVO-2024-0014 - Vendor Advisory |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-25 16:15
Updated : 2024-10-01 18:36
NVD link : CVE-2024-7421
Mitre link : CVE-2024-7421
CVE.ORG link : CVE-2024-7421
JSON object : View
Products Affected
devolutions
- remote_desktop_manager
CWE
CWE-532
Insertion of Sensitive Information into Log File