809 matches found
CVE-2023-1603
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision...
CVE-2023-1603
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision...
Authentication flaw
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision...
Devolutions Server 安全漏洞
Devolutions Server is an application from Devolutions Canada. provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2022.3.13 and prior versions that originates from a privilege bypass when importing or synchronizin...
CVE-2023-1603
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision...
CVE-2023-1603
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision...
CVE-2023-1603
CVE-2023-1603 affects Devolutions Server 2022.3.13 and earlier: a permission bypass vulnerability in the User vault when importing or synchronizing entries, due to an ID collision that lets users with restricted rights bypass entry permissions. The reported impact is that integrity of access cont...
PT-2023-17110 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2022.3.13 and prior Description: The issue allows users with restricted rights to bypass entry permission via id collision when importing or synchronizing entries in the User vault. Recommendations: For Devolutions...
CVE-2023-1201
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains...
CVE-2023-1201
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains...
Improper access control
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains...
Devolutions Server 安全漏洞
Devolutions Server is an application from Devolutions Canada. provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2022.3.12 and prior versions that stems from improper access control. An attacker could exploit the...
CVE-2023-1201
CVE-2023-1201 affects Devolutions Server 2022.3.12 and earlier, with an improper access control issue in the secure messages feature. An authenticated attacker who possesses the message UUID can access the data contained in that message, per multiple sources. The CVSSv3.1 base score is 6.5 (Mediu...
CVE-2023-1201
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains...
CVE-2023-1201
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains...
PT-2023-16816 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2022.3.12 and below Description: The issue concerns improper access control in the secure messages feature, allowing an authenticated attacker with the message UUID to access the contained data. Recommendations: Fo...
CVE-2023-0951
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions...
CVE-2023-0952
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization...
CVE-2023-0951
Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions...
CVE-2023-0953
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources...