Devolutions Server Security Vulnerabilities and Issues — Devolutions Server CVE List

Lucene search

DevolutionsDevolutions Server

6 matches found

CVE•added 2021/04/01 10:15 p.m.•73 views

CVE-2021-23924

An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.

7.5CVSS7.3AI score0.00322EPSS

CVE•added 2021/04/14 8:15 p.m.•60 views

CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.

7.2CVSS7.6AI score0.00242EPSS

CVE•added 2024/03/05 10:15 p.m.•46 views

CVE-2024-1764

Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances

7.6CVSS6.7AI score0.00093EPSS

CVE•added 2025/03/05 7:15 p.m.•42 views

CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission.

7.1CVSS7AI score0.00051EPSS

CVE•added 2025/03/13 1:15 p.m.•38 views

CVE-2025-2277

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.

7.5CVSS6.9AI score0.0009EPSS

CVE•added 2023/10/13 1:15 p.m.•32 views

CVE-2023-5240

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.

7.5CVSS7.3AI score0.00177EPSS