Lucene search
+L

19 matches found

CVE
CVE
added 2025/02/11 2:5 p.m.70 views

CVE-2025-1231

The CVE-2025-1231 affects Devolutions Server 2024.3.10.0 and earlier, caused by an improper password reset in the PAM module that lets an authenticated user reuse the oracle password after check-in due to a crash in the password reset flow. Exploitation details are not provided in the documents. ...

5.4CVSS5.5AI score0.00337EPSS
CVE
CVE
added 2025/03/13 1:2 p.m.67 views

CVE-2025-2280

In Devolutions Server, CVE-2025-2280 corresponds to improper access control in the Web Extension Restrictions feature, affecting version 2024.3.4.0 and earlier. An authenticated user can bypass the browser extension restriction, per sources describing this vulnerability. The provided documents co...

8.1CVSS8AI score0.0047EPSS
CVE
CVE
added 2025/05/05 2:0 p.m.66 views

CVE-2025-4316

CVE-2025-4316 describes an improper access control in the PAM feature of Devolutions Server that enables a PAM user to self-approve requests, contrary to policy. Affected versions include 2025.1.3.0–2025.1.6.0 and all versions up to 2024.3.15.0. The issue’s root cause is restricted to PAM workflo...

4.3CVSS4.5AI score0.00305EPSS
CVE
CVE
added 2025/03/13 12:56 p.m.61 views

CVE-2025-2278

CVE-2025-2278 affects Devolutions Server versions prior to or equal to 2024.3.13. The issue is improper access control in the temporary access requests and checkout requests endpoints, enabling an authenticated user to view information about these requests via a known request ID. The provided met...

6.5CVSS6.2AI score0.00421EPSS
CVE
CVE
added 2025/03/05 6:56 p.m.60 views

CVE-2025-2003

Summary (CVE-2025-2003) : Affected product Devolutions Server (versions 2024.3.12 and earlier) contains an incorrect authorization flaw in PAM vaults that allows an authenticated user to bypass the ‘add in root’ permission. Public sources consistently describe this as an authorization bypass vuln...

7.1CVSS7AI score0.00409EPSS
CVE
CVE
added 2025/05/01 6:26 p.m.58 views

CVE-2025-3517

CVE-2025-3517 affects Devolutions Server (versions ≤ 2025.1.5.0) and concerns the PAM JIT elevation feature. The root cause is an incorrect privilege assignment caused by failure to update the internal account SID when updating a username, enabling a PAM user to elevate a previously configured us...

6.3CVSS6.3AI score0.00267EPSS
CVE
CVE
added 2025/06/05 1:37 p.m.58 views

CVE-2025-5382

CVE-2025-5382 concerns Devolutions Server (versions ≤ 2025.1.7.0) where improper access control in the user MFA feature lets a user with the user-management permission remove or change administrators’ MFA settings. The vulnerability affects the MFA configuration component and is triggered by insu...

6.8CVSS6.9AI score0.00337EPSS
CVE
CVE
added 2025/05/30 12:16 p.m.57 views

CVE-2025-4433

CVE-2025-4433 affects Devolutions Server (versions 2025.1.7.0 and earlier). The vulnerability arises from improper access control in User Group Management, enabling a non-administrative user who has both User Management and User Group Management permissions to escalate privileges by adding users ...

8.8CVSS6.9AI score0.00465EPSS
CVE
CVE
added 2025/03/13 12:47 p.m.55 views

CVE-2025-2277

CVE-2025-2277 affects Devolutions Server

7.5CVSS6.9AI score0.00515EPSS
CVE
CVE
added 2025/07/30 4:10 p.m.25 views

CVE-2025-8312

CVE-2025-8312 describes a deadlock in Devolutions Server’s PAM automatic check-in feature that can allow a password to stay valid past its intended check-out. Affected versions include Devolutions Server 2025.2.2.0 through 2025.2.5.0 and 2025.1.12.0 and earlier. The root cause is a scheduling-ser...

7.1CVSS6.4AI score0.00299EPSS
CVE
CVE
added 2025/11/27 3:30 p.m.24 views

CVE-2025-13765

CVE-2025-13765 affects Devolutions Server, where email service credentials are exposed to non-administrative users. Public details in connected documents specify affected versions as before 2025.2.21 and before 2025.3.9. The issue’s root cause is credential exposure in the email service, with mul...

4.3CVSS6.5AI score0.00326EPSS
CVE
CVE
added 2025/11/27 3:30 p.m.23 views

CVE-2025-13757

CVE-2025-13757 affects Devolutions Server. The issue is an SQL injection in the last usage logs, exploitable across affected builds through 2025.2.20 and 2025.3.8. CVSS v3.1 base score 8.8 (NETWORK, LOW complexity, LOW privileges, no user interaction). Impact is high on confidentiality, integrity...

8.8CVSS7.7AI score0.00524EPSS
CVE
CVE
added 2025/07/30 4:6 p.m.23 views

CVE-2025-8353

The CVE-2025-8353 entry concerns a UI synchronization issue in Devolutions Server (JIT) that affects versions prior to and including 2025.2.4.0. A remote authenticated attacker could exploit stale UI state during standard checkout processing to gain unauthorized access to deleted JIT Groups. Affe...

5.9CVSS7.1AI score0.00389EPSS
CVE
CVE
added 2025/11/28 5:0 p.m.21 views

CVE-2025-13683

CVE-2025-13683 describes exposure of credentials via unintended requests in Devolutions Server and Devolutions Remote Desktop Manager on Windows. Affected versions: Devolutions Server up to 2025.3.8.0 and Remote Desktop Manager up to 2025.3.23.0. Impact is high confidentiality exposure over netwo...

6.5CVSS6.7AI score0.00346EPSS
CVE
CVE
added 2025/10/15 7:45 p.m.18 views

CVE-2025-11619

The CVE-2025-11619 entry affects Devolutions Server. Affected component: the server’s gateway connection path where improper certificate validation occurs during gateway connections. Root cause: improper certificate validation enables a man-in-the-middle position to intercept traffic when establi...

8.8CVSS6.4AI score0.00225EPSS
CVE
CVE
added 2025/11/06 4:37 p.m.18 views

CVE-2025-12485

CVE-2025-12485 affects Devolutions Server, with vulnerable cookie handling in pre-MFA flow. A low-privileged authenticated user can impersonate another account by replaying the pre-MFA cookie; MFA verification is not bypassed. Affected versions include Devolutions Server 2025.3.2.0–2025.3.5.0 and...

8.8CVSS6.3AI score0.0058EPSS
CVE
CVE
added 2025/10/22 5:9 p.m.17 views

CVE-2025-11957

Devolutions Server (versions up to and including 2025.2.12.0) is affected by an improper authorization vulnerability in the temporary access workflow. An authenticated basic user can self-approve or approve others’ temporary access requests, enabling unauthorized access to vaults and entries via ...

9CVSS6.3AI score0.00298EPSS
CVE
CVE
added 2025/11/27 3:30 p.m.16 views

CVE-2025-13758

CVE-2025-13758 is tied to Devolutions Server and describes exposure of credentials in unintended requests. The connected Nessus entry (DEVO-2025-0018) confirms this issue alongside related CVEs and states affected versions include Devolutions Server up to 2025.2.20 and up to 2025.3.8, respectivel...

3.5CVSS6.6AI score0.00258EPSS
CVE
CVE
added 2025/11/06 4:36 p.m.14 views

CVE-2025-12808

CVE-2025-12808 affects Devolutions Server. The vulnerability is due to improper access control that allows a View-only user to retrieve sensitive third-level nested fields (e.g., password lists custom values), potentially leading to password disclosure. Affected versions include Devolutions Serve...

6.5CVSS6.5AI score0.00392EPSS