Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Devolutions_server
(Devolutions)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-06-05 | CVE-2025-5382 | Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA. | Devolutions_server | N/A | ||
| 2024-11-12 | CVE-2024-10971 | Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. | Devolutions_server | N/A | ||
| 2025-05-28 | CVE-2025-4493 | Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : * Devolutions Server 2025.1.3.0 through 2025.1.7.0 * Devolutions Server 2024.3.15.0 and earlier | Devolutions_server | N/A | ||
| 2025-05-01 | CVE-2025-3517 | Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username. | Devolutions_server | N/A | ||
| 2025-05-05 | CVE-2025-4316 | Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up to 2024.3.15.0. | Devolutions_server | N/A | ||
| 2022-11-01 | CVE-2022-3781 | Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. | Devolutions_server, Remote_desktop_manager | 6.5 | ||
| 2023-03-01 | CVE-2023-0951 | Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. | Devolutions_server | 8.8 | ||
| 2023-03-01 | CVE-2023-0952 | Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. | Devolutions_server | 6.5 | ||
| 2024-09-25 | CVE-2024-6512 | Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | Devolutions_server | 6.5 | ||
| 2024-03-05 | CVE-2024-1898 | Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator. | Devolutions_server | 4.3 |