CVE-2024-4846

2024-06-2513:15:50

[email protected]

web.nvd.nist.gov

cve-2024-4846

devolutions server

authentication bypass

2fa

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Server",
    "vendor": "Devolutions",
    "versions": [
      {
        "lessThanOrEqual": "2024.1.14.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

devolutions.net/security/advisories/DEVO-2024-0009