Lucene search

Devolutions Server Security Vulnerabilities

cve

CVE-2022-33996

Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous...

8.8CVSS

8.5AI Score

0.001EPSS

2022-07-07 12:15 PM

cve

CVE-2021-36382

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts...

3.7CVSS

4.4AI Score

0.001EPSS

2021-07-12 02:15 PM

cve

CVE-2021-28048

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML...

6.5CVSS

6.1AI Score

0.002EPSS

2021-04-14 08:15 PM

cve

CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in...

7.2CVSS

7.6AI Score

0.001EPSS

2021-04-14 08:15 PM

cve

CVE-2021-23923

An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain...

8.1CVSS

8AI Score

0.001EPSS

2021-04-01 10:15 PM

cve

CVE-2021-23924

An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic...

7.5CVSS

7.4AI Score

0.002EPSS

2021-04-01 10:15 PM

cve

CVE-2021-23925

An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type...

6.1CVSS

6AI Score

0.001EPSS

2021-04-01 10:15 PM

244

cve

CVE-2021-23921

An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry...

9.1CVSS

9.1AI Score

0.002EPSS

2021-04-01 10:15 PM