Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Devolutions_server
(Devolutions)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-01 | CVE-2023-0953 | Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. | Devolutions_server | 8.8 | ||
| 2023-04-02 | CVE-2023-1603 | Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. | Devolutions_server | 6.5 | ||
| 2023-04-21 | CVE-2023-2118 | Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. | Devolutions_server | 5.4 | ||
| 2023-05-02 | CVE-2023-2445 | Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name. | Devolutions_server | 4.9 | ||
| 2023-06-20 | CVE-2023-2400 | Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access. | Devolutions_server | 2.7 | ||
| 2021-04-01 | CVE-2021-23921 | An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. | Devolutions_server | 9.1 | ||
| 2021-04-01 | CVE-2021-23923 | An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. | Devolutions_server | 8.1 | ||
| 2021-04-01 | CVE-2021-23924 | An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | Devolutions_server | 7.5 | ||
| 2021-04-01 | CVE-2021-23925 | An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. | Devolutions_server | 6.1 | ||
| 2021-04-14 | CVE-2021-28048 | An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. | Devolutions_server | 6.5 |