1219 matches found
CVE-2023-2257
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" securi...
Authentication flaw
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" securi...
CVE-2023-2257
CVE-2023-2257 affects Devolutions Workspace Desktop (Hub Business integration) up to version 2023.1.1.3 on Windows/macOS. The issue is an authentication bypass: when the Force Login feature is enabled and a user has access to a locked Workspace desktop with a Hub Business space, an attacker can u...
CVE-2023-2257
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" securi...
CVE-2023-2257
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" securi...
Devolutions Workspace 安全漏洞
Devolutions Workspace is a mobile and desktop application from Devolutions Canada. A security vulnerability exists in Devolutions Workspace Desktop version 2023.1.1.3 and prior versions. An attacker could exploit the vulnerability to unlock Hub Workspace without being prompted to enter a password...
CVE-2023-2118
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints...
CVE-2023-2118
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints...
Improper access control
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints...
CVE-2023-2118
CVE-2023-2118 affects Devolutions Server 2023.1.5.0 and earlier. The issue is insufficient access control in the support ticket feature, enabling an authenticated attacker to send support tickets and download diagnostic files through specific endpoints. Impact is described as unauthorized access ...
CVE-2023-2118
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints...
PT-2023-17968 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2023.1.5.0 and below Description: The issue is related to insufficient access control in the support ticket feature, allowing an authenticated attacker to send support tickets and download diagnostic files via...
Devolutions Server 安全漏洞
Devolutions Server is an application from Devolutions Canada. provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.1.5.0 and prior versions, which stems from a vulnerability that allows an attacker to send...
CVE-2023-1939
No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface...
CVE-2023-1980
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries...
Design/Logic Flaw
No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface...
Open redirect
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries...
CVE-2023-1939
CVE-2023-1939 concerns a lack of access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager. Affected products: Windows 2022.3.33.0 and prior; Linux 2022.3.2.0 and prior. Impact: non-admin users can view OTP keys via the user interface. Root cause: insufficient authorizat...
CVE-2023-1980
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries...
CVE-2023-1980
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries...