{
  "document" : {
    "aggregate_severity" : {
      "text" : "hoch"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "Devolutions Remote Desktop Manager ist eine zentrale Plattform zur Verwaltung von Remoteverbindungen, Passwörtern und Anmeldeinformationen.\r\nDevolutions Server ist eine selbstgehostete, zentralisierte Plattform zur Verwaltung und Freigabe von Passwörtern, Verbindungsdaten und Zugriffen in IT-Teams",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Devolutions Remote Desktop Manager und Devolutions Server ausnutzen, um erweiterte Berechtigungen zu erlangen, Dateien zu manipulieren, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Sonstiges\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2026-0588 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0588.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2026-0588 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0588"
    }, {
      "category" : "external",
      "summary" : "Devolutions Security Advisory vom 2026-03-03",
      "url" : "https://devolutions.net/security/advisories/DEVO-2026-0005/"
    }, {
      "category" : "external",
      "summary" : "NIST Security Advisory vom 2026-03-03",
      "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-3204"
    }, {
      "category" : "external",
      "summary" : "NIST Security Advisory vom 2026-03-03",
      "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-2590"
    } ],
    "source_lang" : "en-US",
    "title" : "Devolutions Server und Remote Desktop Manager: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2026-03-03T23:00:00.000+00:00",
      "generator" : {
        "date" : "2026-03-04T11:37:11.133+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.5.0"
        }
      },
      "id" : "WID-SEC-W-2026-0588",
      "initial_release_date" : "2026-03-03T23:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2026-03-03T23:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      } ],
      "status" : "final",
      "version" : "1"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<2026.1",
          "product" : {
            "name" : "Devolutions Remote Desktop Manager <2026.1",
            "product_id" : "T051371"
          }
        }, {
          "category" : "product_version",
          "name" : "2026.1",
          "product" : {
            "name" : "Devolutions Remote Desktop Manager 2026.1",
            "product_id" : "T051371-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:devolutions:remote_desktop_manager:2026.1"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Remote Desktop Manager"
      }, {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<2026.1",
          "product" : {
            "name" : "Devolutions Server <2026.1",
            "product_id" : "T051372"
          }
        }, {
          "category" : "product_version",
          "name" : "2026.1",
          "product" : {
            "name" : "Devolutions Server 2026.1",
            "product_id" : "T051372-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:devolutions:devolutions_server:2026.1"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "<2025.3.16",
          "product" : {
            "name" : "Devolutions Server <2025.3.16",
            "product_id" : "T051373"
          }
        }, {
          "category" : "product_version",
          "name" : "2025.3.16",
          "product" : {
            "name" : "Devolutions Server 2025.3.16",
            "product_id" : "T051373-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:devolutions:devolutions_server:2025.3.16"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Server"
      } ],
      "category" : "vendor",
      "name" : "Devolutions"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2026-3204",
    "product_status" : {
      "known_affected" : [ "T051373", "T051372" ]
    },
    "release_date" : "2026-03-03T23:00:00.000+00:00",
    "title" : "CVE-2026-3204"
  }, {
    "cve" : "CVE-2026-3130",
    "product_status" : {
      "known_affected" : [ "T051373", "T051372" ]
    },
    "release_date" : "2026-03-03T23:00:00.000+00:00",
    "title" : "CVE-2026-3130"
  }, {
    "cve" : "CVE-2026-3224",
    "product_status" : {
      "known_affected" : [ "T051373" ]
    },
    "release_date" : "2026-03-03T23:00:00.000+00:00",
    "title" : "CVE-2026-3224"
  }, {
    "cve" : "CVE-2026-2590",
    "product_status" : {
      "known_affected" : [ "T051371" ]
    },
    "release_date" : "2026-03-03T23:00:00.000+00:00",
    "title" : "CVE-2026-2590"
  } ]
}