1219 matches found
CVE-2025-3517
CVE-2025-3517 affects Devolutions Server (versions ≤ 2025.1.5.0) and concerns the PAM JIT elevation feature. The root cause is an incorrect privilege assignment caused by failure to update the internal account SID when updating a username, enabling a PAM user to elevate a previously configured us...
CVE-2025-3517
Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username...
PT-2025-18693 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.5.0 and earlier Description: The issue concerns a privilege context switching error in the PAM JIT feature of Devolutions Server. This error allows a PAM JIT account password to be improperly reset after usa...
Devolutions Server 安全漏洞
Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2025.1.5.0 and prior versions, which stems from an improper assignment of privileges to the...
CVE-2025-2600
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATEDPASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24...
CVE-2025-2499
Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This...
CVE-2025-2528
Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through...
Devolutions Remote Desktop < 2024.3.31 / 2025.x < 2025.1.26 multiple vulnerabilities (DEVO-2025-0005)
The version of Devolutions Remote Desktop Manager installed on the remote host is prior to 2024.3.31 / 2025.1.26 and is, therefore, affected by multiple vulnerabilities: - Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An...
CVE-2025-2600
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATEDPASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24...
CVE-2025-2562
Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from...
CVE-2025-2600
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATEDPASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24...
CVE-2025-2600
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATEDPASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24...
CVE-2025-2600
CVE-2025-2600 affects Devolutions Remote Desktop Manager for Windows. The vulnerability is an improper authorization in the variable component that allows an authenticated user to use the ELEVATED_PASSWORD variable despite the Allow password in variable policy. Affected versions include 2025.1.24...
CVE-2025-2562
CVE-2025-2562 describes insufficient logging in the autotyping feature of Devolutions Remote Desktop Manager for Windows, enabling an authenticated user to use a stored password without generating a log event. Affected versions are 2025.1.24–2025.1.25 and all versions up to 2024.3.29. Remediation...
CVE-2025-2562
Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from...
CVE-2025-2528
Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through...
CVE-2025-2528
CVE-2025-2528 in Devolutions Remote Desktop Manager for Windows is due to improper authorization in the application password policy, allowing an authenticated user to use a configuration not mandated by admins. Affected versions span 2024.3.29 and earlier, and 2025.1.24–2025.1.25. Remediation is ...
CVE-2025-2528
Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through...
CVE-2025-2499
Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This...
PT-2025-12981 · Devolutions · Devolutions Remote Desktop Manager
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.3.29 and earlier Devolutions Remote Desktop Manager versions 2025.1.24 through 2025.1.25 Description: The issue is related to insufficient logging in the autotyping feature, allowing an...