CVE-2022-3781 Vulnerability Details

  /     /     /  

CVE-2022-3781 Metadata Quick Info

CVE Published: 01/11/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: DEVOLUTIONS | Vendor: Devolutions | Product: Remote Desktop Manager
Status : PUBLISHED

---

CVE-2022-3781 Description

Dashlane password and Keepass Server password in My Account Settings  are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-311
CWE Name: CWE-311 Missing Encryption of Sensitive Data
Source: Devolutions

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).