809 matches found
CVE-2024-1901
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable...
CVE-2024-1764
Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...
CVE-2024-1764
Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...
Improper access control
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...
Design/Logic Flaw
Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...
Authentication flaw
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable...
Input validation
Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...
CVE-2024-1764
CVE-2024-1764 affects Devolutions Server 2023.3.14.0 and earlier, due to improper privilege management in the Just-in-time (JIT) elevation module. The root cause is the JIT privilege handling, which allows a user to continue using elevated privileges after expiration under certain circumstances. ...
CVE-2024-1764
Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...
CVE-2024-1764
Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...
CVE-2024-1898
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...
CVE-2024-1898
CVE-2024-1898 : Devolutions Server (versions up to 2023.3.14.0) has improper access control in the notification feature, allowing a low-privileged user to change administrator-configured notification settings. The root cause is access control weakness that lets non-admins modify admin-defined con...
CVE-2024-1898
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...
CVE-2024-1900
This CVE affects Devolutions Server (versions up to 2023.3.14.0) where improper session management in the identity provider authentication flow can allow an authenticated user, validated via an external IdP (e.g., Okta or O365), to remain authenticated after their identity is disabled or deleted....
CVE-2024-1900
Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...
CVE-2024-1900
Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...
CVE-2024-1901
CVE-2024-1901 describes a denial of service in Devolutions Server 2023.3.14.0 during PAM password rotation in the check-in process. An authenticated user with specific PAM permissions can render PAM credentials unavailable. The CVSS vector indicates network access, low attack complexity, and low ...
CVE-2024-1901
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable...
CVE-2024-1901
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.14.0 and prior versions, which stems from incorrect access control in the notification...