Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Devolutions_server
(Devolutions)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-04-01 | CVE-2021-23924 | An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | Devolutions_server | 7.5 | ||
| 2021-04-01 | CVE-2021-23925 | An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. | Devolutions_server | 6.1 | ||
| 2021-04-14 | CVE-2021-28048 | An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. | Devolutions_server | 6.5 | ||
| 2021-04-14 | CVE-2021-28157 | An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. | Devolutions_server | 7.2 | ||
| 2021-07-12 | CVE-2021-36382 | Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | Devolutions_server | 3.7 | ||
| 2022-07-06 | CVE-2022-2316 | HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. | Devolutions_server | 5.4 | ||
| 2022-07-07 | CVE-2022-33996 | Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | Devolutions_server | 8.8 | ||
| 2023-02-12 | CVE-2023-0661 | Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. | Devolutions_server | 6.5 | ||
| 2023-03-10 | CVE-2023-1201 | Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. | Devolutions_server | 6.5 | ||
| 2023-10-13 | CVE-2023-5240 | Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. | Devolutions_server | 7.5 |