Lucene search
K
DevolutionsDevolutions Server

5 matches found

CVE
CVE
added 2023/06/20 4:19 p.m.46 views

CVE-2023-2400

Summary: CVE-2023-2400 affects Devolutions Server 2023.1.8 and earlier. The vulnerability stems from an improper deletion of resources in the user management feature, which allows an administrator to view the vaults of deleted users via database access. Affected software/area: Devolutions Server,...

2.7CVSS4AI score0.00442EPSS
CVE
CVE
added 2026/05/22 3:27 p.m.26 views

CVE-2026-8477

CVE-2026-8477 describes an issue in Devolutions Server where the sealed-entry workflow for entry sensitive-data retrieval can be bypassed: an authenticated user with access to a sealed entry could fetch its sensitive data without triggering the unseal audit via a crafted API request. Affected ver...

2.7CVSS5.8AI score0.00178EPSS
CVE
CVE
added 2026/05/22 3:23 p.m.24 views

CVE-2026-9247

CVE-2026-9247: Insufficient logging in Devolutions Server’s entry export feature allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification. Affected: Devolutions Server 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and earlier. Root cause: l...

2.4CVSS5.8AI score0.00157EPSS
CVE
CVE
added 2026/05/22 3:22 p.m.22 views

CVE-2026-9248

CVE-2026-9248 details an authorization bypass in Devolutions Server’s entry-duplication feature. An authenticated user with write access to any vault can craft a save request to copy documentation and attachments from an entry in a vault they cannot access. Affected versions include Devolutions S...

2.6CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2026/06/25 1:12 p.m.13 views

CVE-2026-12755

CVE-2026-12755 affects Devolutions Server 2026.2.4.0–2026.2.7.0. It is caused by improper input validation in the PAM AD discovery endpoints. An authenticated user with the UserGroupsView permission can coerce server-side authentication to an attacker-controlled host, exposing PAM provider creden...

2.7CVSS5.8AI score0.00216EPSS