Lucene search
+L
DevolutionsDevolutions Server

19 matches found

CVE
CVE
added 2025/02/11 2:5 p.m.71 views

CVE-2025-1231

The CVE-2025-1231 affects Devolutions Server 2024.3.10.0 and earlier, caused by an improper password reset in the PAM module that lets an authenticated user reuse the oracle password after check-in due to a crash in the password reset flow. Exploitation details are not provided in the documents. ...

5.4CVSS5.5AI score0.00337EPSS
CVE
CVE
added 2022/07/06 6:56 p.m.63 views

CVE-2022-2316

CVE-2022-2316 : The connected sources confirm an HTML injection vulnerability in Devolutions Server prior to 2022.2 affecting the handling of secure messages. The root cause is injection of HTML tags into a secure message (including its header, per CNNVD) that can alter how the page renders or ca...

5.4CVSS5.5AI score0.0053EPSS
CVE
CVE
added 2023/11/01 5:17 p.m.61 views

CVE-2023-5358

CVE-2023-5358 affects Devolutions Server (versions ≤ 2023.2.10.0). The issue is an improper access control in the Report log filters feature, which allows an attacker to retrieve logs from vaults or entries beyond their permissions via the report request URL query parameters. The public documenta...

5.3CVSS5.3AI score0.00548EPSS
CVE
CVE
added 2024/12/04 5:17 p.m.58 views

CVE-2024-12151

CVE-2024-12151 affects Devolutions Server (versions 2024.3.8.0 and earlier) due to an incorrect permission assignment in the User Migration feature, allowing users to retain their old permission sets. The vulnerable component is the User Migration feature; root cause: incorrect permission handlin...

5CVSS6.9AI score0.00268EPSS
CVE
CVE
added 2025/06/05 1:41 p.m.58 views

CVE-2025-0691

CVE-2025-0691 concerns Devolutions Server versions 2025.1.10.0 and earlier, where improper access control in the permissions component lets an authenticated user bypass the "Edit permission" permission by bypassing client-side validation. The impact is limited to bypassing permission checks to ed...

5CVSS6.8AI score0.00268EPSS
CVE
CVE
added 2025/06/05 1:36 p.m.55 views

CVE-2025-3768

CVE-2025-3768 affects Devolutions Server (versions 2025.1.10.0 and earlier) due to improper access control in the Tor network blocking feature. An authenticated user can bypass the Tor blocking when the Devolutions hosted endpoint is unreachable, with a CVSSv3.1 base score of 5.0 (Medium). No exp...

5CVSS6.8AI score0.00213EPSS
CVE
CVE
added 2023/04/21 9:52 p.m.54 views

CVE-2023-2118

CVE-2023-2118 affects Devolutions Server 2023.1.5.0 and earlier. The issue is insufficient access control in the support ticket feature, enabling an authenticated attacker to send support tickets and download diagnostic files through specific endpoints. Impact is described as unauthorized access ...

5.4CVSS5.3AI score0.00365EPSS
CVE
CVE
added 2024/03/05 9:34 p.m.51 views

CVE-2024-1900

This CVE affects Devolutions Server (versions up to 2023.3.14.0) where improper session management in the identity provider authentication flow can allow an authenticated user, validated via an external IdP (e.g., Okta or O365), to remain authenticated after their identity is disabled or deleted....

5.5CVSS6.8AI score0.00228EPSS
CVE
CVE
added 2026/06/02 2:7 p.m.35 views

CVE-2026-9590

Technical details beyond the description are not publicly provided in the supplied documents. No affected versions, exploit specifics, or remediation steps are confirmed here; monitor for updates from the vendor and standard advisories.

5.3CVSS5.8AI score0.00184EPSS
CVE
CVE
added 2026/05/22 3:24 p.m.34 views

CVE-2026-9245

CVE-2026-9245 describes an improper input validation vulnerability in the external authentication provider flow of Devolutions Server. An unauthenticated remote attacker can coerce victims of Devolutions Server 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and earlier to be redirected to an attacker‑con...

5CVSS5.8AI score0.00169EPSS
CVE
CVE
added 2023/11/22 6:39 p.m.33 views

CVE-2023-6264

The CVE-2023-6264 case concerns Devolutions Server (version 2023.3.7.0). The issue is an information leak in the Content-Security-Policy header that allows an unauthenticated attacker to list configured Devolutions Gateways endpoints, i.e., information disclosure with network access (no authentic...

5.3CVSS5.3AI score0.00517EPSS
CVE
CVE
added 2026/05/22 3:29 p.m.32 views

CVE-2026-9251

The CVE-2026-9251 issue affects Devolutions Server versions 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and earlier. The vulnerability arises from missing authorization in the entry status management feature, allowing a non-administrator authenticated user to bypass the administrator-enforced Pending ...

5.4CVSS5.8AI score0.00142EPSS
CVE
CVE
added 2025/07/30 4:6 p.m.23 views

CVE-2025-8353

The CVE-2025-8353 entry concerns a UI synchronization issue in Devolutions Server (JIT) that affects versions prior to and including 2025.2.4.0. A remote authenticated attacker could exploit stale UI state during standard checkout processing to gain unauthorized access to deleted JIT Groups. Affe...

5.9CVSS7.1AI score0.00389EPSS
CVE
CVE
added 2025/10/22 5:8 p.m.20 views

CVE-2025-11958

Devolutions Server

5.1CVSS6.1AI score0.00415EPSS
CVE
CVE
added 2026/04/01 3:4 p.m.18 views

CVE-2026-5175

The Devolutions Server MFA management API is affected by improper access control (CVE-2026-5175) allowing an authenticated attacker to delete their own MFA factors, lowering protection to password-only authentication. Affected versions are 2026.1.6 through 2026.1.11; remediation per the public ad...

5CVSS5.9AI score0.00254EPSS
CVE
CVE
added 2026/06/02 2:8 p.m.18 views

CVE-2026-9522

Summary (CVE-2026-9522): Improper access control in the PAM account discovery feature of Devolutions Server 2026.1.19 and earlier enables an authenticated user without administrative privileges to delete network discovery scan configurations. Affected product is Devolutions Server (version line n...

5.4CVSS5.8AI score0.00138EPSS
CVE
CVE
added 2026/04/01 2:44 p.m.16 views

CVE-2026-4829

Summary: CVE-2026-4829 affects Devolutions Server versions up to 2026.1.11 (and earlier) and relates to improper authentication in the external OAuth flow. An authenticated user can authenticate as other users, including administrators, by reusing a session code from an external authentication fl...

5.4CVSS5.9AI score0.00167EPSS
CVE
CVE
added 2026/03/09 6:51 p.m.12 views

CVE-2026-3638

CVE-2026-3638 : Multiple sources (NVD, Red Hat, ENISA, CVE List) describe an improper access control flaw in Devolutions Server up to version 2025.3.11.0. A low-privileged, authenticated user can restore deleted users and roles via crafted API requests on the user/role restore endpoints. Document...

5.9CVSS5.8AI score0.00177EPSS
CVE
CVE
added 2026/04/01 3:2 p.m.9 views

CVE-2026-4925

CVE-2026-4925 is supported by connected sources as an issue in Devolutions Server MFA management: from versions 2026.1.6 through 2026.1.11, an authenticated user can bypass administrator-enforced restrictions and remove their own MFA configuration via a crafted request. The Red Hat, NVD, ENISA, C...

5CVSS5.9AI score0.00194EPSS