CVE-2022-2316

CVE-2022-2316 : The connected sources confirm an HTML injection vulnerability in Devolutions Server prior to 2022.2 affecting the handling of secure messages. The root cause is injection of HTML tags into a secure message (including its header, per CNNVD) that can alter how the page renders or ca...

CVE-2022-2316

HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site...

Devolutions Server 跨站脚本漏洞

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in versions of Devolutions Server prior to 2022.2, which stems from the fact that some HTML tags can be injected into the head...

CVE-2021-36382

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...

CVE-2021-36382

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...

Design/Logic Flaw

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...

CVE-2021-36382

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...

CVE-2021-36382

CVE-2021-36382 affects Devolutions Server prior to 2021.1.18 and LTS prior to 2020.3.20. The issue allows interception of private keys via a man-in-the-middle attack against the connections/partial endpoint, which accepts plaintext. Affected components and exact root cause are described across mu...

CVE-2021-36382

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint which accepts cleartext...

Devolutions Server 信任管理问题漏洞

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server that originates in Devolutions Server prior to 2021.1.18 and LTS prior to 2020.3.20 that intercepts...

Devolutions Server Authorization Issues Vulnerability

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. An authorization issue vulnerability exists in Devolutions Server versions prior to 2020.3 that stems from an authentication outage for Windows domain users. ...

Devolutions Server SQL Injection Vulnerability

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A SQL injection vulnerability exists in Devolutions Server versions prior to 2021.1and Devolutions Server LTS versions prior to 2020.3.18, which can be...

CVE-2021-28048

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...

CVE-2021-28048

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...

Design/Logic Flaw

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page...

Sql injection

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...

CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...

CVE-2021-28157

CVE-2021-28157 affects Devolutions Server and Devolutions Server LTS. The vulnerability is a SQL injection in the API endpoint api/security/userinfo/delete that allows an administrative user to execute arbitrary SQL commands. Affected versions are Devolutions Server before 2021.1 and Devolutions ...