CVE-2024-2921

2024-03-2616:15:14

[email protected]

web.nvd.nist.gov

improper access control

pam vault permissions

devolutions server 2024.1.10.0

authenticated user

unauthorized access

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.

References

devolutions.net/security/advisories/DEVO-2024-0005