{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1203", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2023-03-06T15:57:41.560Z", "datePublished": "2023-03-06T16:38:52.008Z", "dateUpdated": "2025-03-06T14:55:36.915Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Hub Business submodule"], "product": "Remote Desktop Manager PowerShell Module", "vendor": "Devolutions", "versions": [{"lessThanOrEqual": "2022.3.1.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.<br></div>"}], "value": "Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.\n\n\n"}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2023-03-10T20:05:13.704Z"}, "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2023-0004"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:40:59.814Z"}, "title": "CVE Program Container", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2023-0004", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-06T14:54:57.310069Z", "id": "CVE-2023-1203", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T14:55:36.915Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2023-0004", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:40:59.814Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1203", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-06T14:54:57.310069Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T14:55:19.445Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Devolutions", "modules": ["Hub Business submodule"], "product": "Remote Desktop Manager PowerShell Module", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2022.3.1.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2023-0004"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<div>Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.<br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2023-03-10T20:05:13.704Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1203", "state": "PUBLISHED", "dateUpdated": "2025-03-06T14:55:36.915Z", "dateReserved": "2023-03-06T15:57:41.560Z", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "datePublished": "2023-03-06T16:38:52.008Z", "assignerShortName": "DEVOLUTIONS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4785D08-0B8C-4D69-8B37-8DB6C11D5CF3", "versionEndExcluding": "2022.3.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.\n\n\n"}], "id": "CVE-2023-1203", "lastModified": "2025-03-06T15:15:13.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-10T21:15:14.680", "references": [{"source": "security@devolutions.net", "tags": ["Vendor Advisory"], "url": "https://devolutions.net/security/advisories/DEVO-2023-0004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://devolutions.net/security/advisories/DEVO-2023-0004"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}