Lucene search
K
DevolutionsDevolutions Server

24 matches found

CVE
CVE
added 2021/04/01 9:50 p.m.271 views

CVE-2021-23925

Devolutions Server (prior to version 2020.3) contains a cross-site scripting (XSS) vulnerability in Document entries. The issue affects the Document-type data handling and allows injecting JavaScript code, as described across multiple CVE references (CVE-2021-23925) with CVSS v3.1 base score 6.1 ...

6.1CVSS6AI score0.00588EPSS
CVE
CVE
added 2023/03/23 5:13 p.m.82 views

CVE-2023-1603

CVE-2023-1603 affects Devolutions Server 2022.3.13 and earlier: a permission bypass vulnerability in the User vault when importing or synchronizing entries, due to an ID collision that lets users with restricted rights bypass entry permissions. The reported impact is that integrity of access cont...

6.5CVSS6.4AI score0.00618EPSS
CVE
CVE
added 2022/11/01 6:28 p.m.75 views

CVE-2022-3781

CVE-2022-3781 affects Devolutions Remote Desktop Manager (versions 2022.2.26 and earlier) and Devolutions Server (versions 2022.3.1 and earlier). The root cause is that Dashlane passwords and Keepass Server passwords stored in My Account Settings are not encrypted in the database, allowing databa...

6.5CVSS6.5AI score0.00434EPSS
CVE
CVE
added 2021/04/14 7:37 p.m.66 views

CVE-2021-28048

The CVE-2021-28048 entry concerns Devolutions Server (versions prior to 2021.1 and Devolutions Server LTS prior to 2020.3.18). The root cause is an overly permissive Cross-Origin Resource Sharing (CORS) policy that allows a remote attacker to leak cross-origin data via a specially crafted HTML pa...

6.5CVSS6.1AI score0.00567EPSS
CVE
CVE
added 2023/03/06 5:15 p.m.63 views

CVE-2023-1201

CVE-2023-1201 affects Devolutions Server 2022.3.12 and earlier, with an improper access control issue in the secure messages feature. An authenticated attacker who possesses the message UUID can access the data contained in that message, per multiple sources. The CVSSv3.1 base score is 6.5 (Mediu...

6.5CVSS6.3AI score0.00808EPSS
CVE
CVE
added 2025/03/13 12:56 p.m.61 views

CVE-2025-2278

CVE-2025-2278 affects Devolutions Server versions prior to or equal to 2024.3.13. The issue is improper access control in the temporary access requests and checkout requests endpoints, enabling an authenticated user to view information about these requests via a known request ID. The provided met...

6.5CVSS6.2AI score0.00421EPSS
CVE
CVE
added 2024/12/04 5:17 p.m.60 views

CVE-2024-12196

CVE-2024-12196 affects Devolutions Server 2024.3.7.0 and earlier due to incorrect authorization in the permissions component, allowing an authenticated user to view the password history of an entry without the view password permission. Documents identify the affected software and the underlying c...

6.5CVSS6.9AI score0.00455EPSS
CVE
CVE
added 2023/02/03 3:48 p.m.58 views

CVE-2023-0661

CVE-2023-0661 affects Devolutions Server. The vulnerability is an improper access control flaw that allows an authenticated user to access sensitive data they should not be able to view. The root cause is an access-control weakness; the impact is stated as high confidentiality impact with no inte...

6.5CVSS6.3AI score0.0074EPSS
CVE
CVE
added 2023/02/22 1:51 p.m.58 views

CVE-2023-0952

CVE-2023-0952 affects Devolutions Server 2022.3.12 and earlier, due to improper access controls on entries that could allow an authenticated user to access sensitive data without proper authorization. The CVE has a NVD score of 6.5 (Medium) with network attack vector, low attack complexity, and p...

6.5CVSS6.3AI score0.00659EPSS
CVE
CVE
added 2025/05/01 6:26 p.m.58 views

CVE-2025-3517

CVE-2025-3517 affects Devolutions Server (versions ≤ 2025.1.5.0) and concerns the PAM JIT elevation feature. The root cause is an incorrect privilege assignment caused by failure to update the internal account SID when updating a username, enabling a PAM user to elevate a previously configured us...

6.3CVSS6.3AI score0.00267EPSS
CVE
CVE
added 2025/06/05 1:37 p.m.57 views

CVE-2025-5382

CVE-2025-5382 concerns Devolutions Server (versions ≤ 2025.1.7.0) where improper access control in the user MFA feature lets a user with the user-management permission remove or change administrators’ MFA settings. The vulnerability affects the MFA configuration component and is triggered by insu...

6.8CVSS6.9AI score0.00337EPSS
CVE
CVE
added 2025/05/28 12:35 p.m.56 views

CVE-2025-4493

The CVE-2025-4493 entry concerns Devolutions Server, where an improper privilege assignment in PAM JIT privilege sets can let a PAM user perform PAM JIT requests on unauthorized groups due to a user interface issue. Impacted versions include 2025.1.3.0–2025.1.7.0 and 2024.3.15.0 and earlier. The ...

6.5CVSS6.9AI score0.00311EPSS
CVE
CVE
added 2024/05/17 3:18 p.m.55 views

CVE-2024-5072

The CVE-2024-5072 entry describes a vulnerability in Devolutions Server (versions up to 2024.1.11.0) where improper input validation in the PAM JIT elevation feature allows an authenticated user to manipulate LDAP filter queries through a specially crafted request. Documented details include affe...

6.5CVSS6.6AI score0.00678EPSS
CVE
CVE
added 2024/09/25 1:55 p.m.51 views

CVE-2024-6512

CVE-2024-6512: Affects Devolutions Server 2024.2.10 and earlier. The issue is an authorization bypass in the PAM access request approval mechanism that lets authenticated users with approval permissions approve their own requests, bypassing security restrictions. Impact described as an integrity ...

6.5CVSS6.9AI score0.00298EPSS
CVE
CVE
added 2023/10/16 1:29 p.m.50 views

CVE-2023-5575

Devolutions Server CVE-2023-5575 affects versions 2022.3.13.0 and earlier. The issue is improper access control in permission inheritance, enabling a low-privileged, compromised user to access entries via a specific combination of permissions on the entry and its parent. Remediation is to update ...

6.5CVSS6.3AI score0.00631EPSS
CVE
CVE
added 2024/06/25 12:18 p.m.44 views

CVE-2024-4846

CVE-2024-4846 describes an authentication bypass in the 2FA feature of Devolutions Server, affected versions 2024.1.14.0 and earlier. An authenticated attacker can sign in as another user without being prompted for 2FA via another browser tab. The available connected documents confirm the vulnera...

6.3CVSS6.8AI score0.00386EPSS
CVE
CVE
added 2026/06/08 6:26 p.m.24 views

CVE-2026-10544

This CVE (CVE-2026-10544) affects Devolutions Server, specifically versions 2026.2.4.0 and 2026.1.20.0 and earlier. The issue is described as improper neutralization of special elements in the built-in PAM provider password rotation templates, allowing an authenticated user with write access to a...

6.5CVSS5.9AI score0.00196EPSS
CVE
CVE
added 2026/06/08 6:26 p.m.24 views

CVE-2026-10786

CVE-2026-10786 affects Devolutions Server 2026.2.4.0 and 2026.1.20.0 and earlier. The issue is improper access control in the ticketing integration settings that allows an authenticated low-privilege user to obtain cleartext credentials for configured ticketing integrations via a crafted API requ...

6.5CVSS5.5AI score0.00148EPSS
CVE
CVE
added 2025/11/28 5:0 p.m.19 views

CVE-2025-13683

CVE-2025-13683 describes exposure of credentials via unintended requests in Devolutions Server and Devolutions Remote Desktop Manager on Windows. Affected versions: Devolutions Server up to 2025.3.8.0 and Remote Desktop Manager up to 2025.3.23.0. Impact is high confidentiality exposure over netwo...

6.5CVSS6.7AI score0.00346EPSS
CVE
CVE
added 2026/06/16 6:28 p.m.15 views

CVE-2026-12105

CVE-2026-12105 affects Devolutions Server in versions 2026.2.5 and 2026.1.21. The root cause is improper access control that allows an authenticated user to access attachments via folder duplication with inherited permissions. The documented impact is confidential data exposure (high) with a CVSS...

6.5CVSS5.3AI score0.00201EPSS
CVE
CVE
added 2026/02/24 7:1 p.m.15 views

CVE-2026-3131

CVE-2026-3131 : Devolutions Server prior to 2025.3.14.0 suffers improper access control in multiple DVLS REST API endpoints, allowing an authenticated user with view-only permission to access sensitive connection data. Connected sources indicate remediation by upgrading to 2025.3.15.0 or later; o...

6.5CVSS5.3AI score0.00301EPSS
CVE
CVE
added 2026/04/01 2:54 p.m.13 views

CVE-2026-4927

CVE-2026-4927 affects Devolutions Server. A flaw in the MFA feature allows users with user-management privileges to obtain other users’ OTP keys via an authenticated API request, exposing sensitive information. Affected versions are 2026.1.6 through 2026.1.11. No remediation details are provided ...

6.5CVSS5.9AI score0.00224EPSS
CVE
CVE
added 2025/11/06 4:36 p.m.12 views

CVE-2025-12808

CVE-2025-12808 affects Devolutions Server. The vulnerability is due to improper access control that allows a View-only user to retrieve sensitive third-level nested fields (e.g., password lists custom values), potentially leading to password disclosure. Affected versions include Devolutions Serve...

6.5CVSS6.5AI score0.00392EPSS
CVE
CVE
added 2026/04/28 1:11 p.m.11 views

CVE-2026-6706

CVE-2026-6706 involves an improper access control flaw in the vault documentation feature of Devolutions Server up to 2026.1.14.0. An authenticated attacker can read documentation content from unauthorized vaults via a crafted API request. Affected component: vault documentation feature; root cau...

6.5CVSS5.2AI score0.00201EPSS