Lucene search
K
DevolutionsDevolutions Server

14 matches found

CVE
CVE
added 2021/04/01 9:44 p.m.79 views

CVE-2021-23923

The CVE concerns Devolutions Server prior to 2020.3 with a Broken Authentication issue involving Windows domain users. Public documents identify affected software and the vulnerability type but do not provide exploit details, exact root cause, or remediation steps within the supplied sources. Mon...

8.1CVSS8AI score0.00758EPSS
CVE
CVE
added 2024/03/26 3:51 p.m.71 views

CVE-2024-2915

CVE-2024-2915 affects Devolutions Server up to version 2024.1.6, where a flaw in the PAM JIT elevation feature permits an attacker with PAM JIT access to elevate to unauthorized groups via a specially crafted request. The issue is categorized as improper access control; CVSS v3.1 base score 8.8 (...

8.8CVSS6.7AI score0.00647EPSS
CVE
CVE
added 2022/07/07 11:19 a.m.67 views

CVE-2022-33996

CVE-2022-33996 affects Devolutions Server older than 2022.2. The issue is incorrect permission management where a new user with a preexisting username inherits the permissions of the previous user. Documented impact includes potential confidentiality, integrity, and availability concerns, with CV...

8.8CVSS8.5AI score0.01026EPSS
CVE
CVE
added 2025/03/13 1:2 p.m.66 views

CVE-2025-2280

In Devolutions Server, CVE-2025-2280 corresponds to improper access control in the Web Extension Restrictions feature, affecting version 2024.3.4.0 and earlier. An authenticated user can bypass the browser extension restriction, per sources describing this vulnerability. The provided documents co...

8.1CVSS8AI score0.0047EPSS
CVE
CVE
added 2023/02/22 1:46 p.m.58 views

CVE-2023-0951

CVE-2023-0951 affects Devolutions Server 2022.3.12 and earlier, due to improper access controls on certain API endpoints. A standard privileged user could perform privileged actions, with impact described as high for confidentiality, integrity, and availability. The provided documents identify th...

8.8CVSS8.4AI score0.00997EPSS
CVE
CVE
added 2025/05/30 12:16 p.m.57 views

CVE-2025-4433

CVE-2025-4433 affects Devolutions Server (versions 2025.1.7.0 and earlier). The vulnerability arises from improper access control in User Group Management, enabling a non-administrative user who has both User Management and User Group Management permissions to escalate privileges by adding users ...

8.8CVSS6.9AI score0.00465EPSS
CVE
CVE
added 2023/02/22 1:42 p.m.48 views

CVE-2023-0953

The CVE concerns Devolutions Server (version 2022.3.12 and earlier). The root cause is insufficient input sanitization in the documentation feature, enabling an authenticated attacker to perform an SQL Injection and potentially access system resources. Impact is described as high (C/H/I/A), with ...

8.8CVSS8.4AI score0.01032EPSS
CVE
CVE
added 2025/11/27 3:30 p.m.20 views

CVE-2025-13757

CVE-2025-13757 affects Devolutions Server. The issue is an SQL injection in the last usage logs, exploitable across affected builds through 2025.2.20 and 2025.3.8. CVSS v3.1 base score 8.8 (NETWORK, LOW complexity, LOW privileges, no user interaction). Impact is high on confidentiality, integrity...

8.8CVSS7.7AI score0.00524EPSS
CVE
CVE
added 2025/10/15 7:45 p.m.17 views

CVE-2025-11619

The CVE-2025-11619 entry affects Devolutions Server. Affected component: the server’s gateway connection path where improper certificate validation occurs during gateway connections. Root cause: improper certificate validation enables a man-in-the-middle position to intercept traffic when establi...

8.8CVSS6.4AI score0.00225EPSS
CVE
CVE
added 2026/04/01 2:50 p.m.16 views

CVE-2026-4924

CVE-2026-4924 describes an improper authentication in the 2FA feature of Devolutions Server prior to 2026.1.12 (also before 2026.1.11 per advisories), where a remote actor with valid credentials can bypass MFA by reusing a partially authenticated session token, enabling unauthorized access to a v...

8.2CVSS5.9AI score0.00326EPSS
CVE
CVE
added 2026/03/20 12:52 p.m.15 views

CVE-2026-4434

CVE-2026-4434: Improper certificate validation in PAM propagation WinRM connections enables a network attacker to perform a man-in-the-middle attack when TLS certificate verification is disabled. Documented across multiple feeds (Red Hat, EUVD, NVD, etc.) with a high impact concern (CVSS 8.1). Af...

8.1CVSS5.8AI score0.00144EPSS
CVE
CVE
added 2025/11/06 4:37 p.m.13 views

CVE-2025-12485

CVE-2025-12485 affects Devolutions Server, with vulnerable cookie handling in pre-MFA flow. A low-privileged authenticated user can impersonate another account by replaying the pre-MFA cookie; MFA verification is not bypassed. Affected versions include Devolutions Server 2025.3.2.0–2025.3.5.0 and...

8.8CVSS6.3AI score0.0058EPSS
CVE
CVE
added 2026/04/01 2:48 p.m.12 views

CVE-2026-4828

Summary (CVE-2026-4828) : Devolutions Server prior to 2026.1.12 is affected by an improper authentication flaw in the OAuth login flow that enables a remote attacker with valid credentials to bypass MFA via a crafted login request. Affected versions include 2026.1.11 and earlier. The issue is mit...

8.2CVSS5.9AI score0.0026EPSS
CVE
CVE
added 6 days ago11 views

CVE-2026-14536

CVE-2026-14536 affects Devolutions Server 2026.2.9.0. The issue is improper enforcement of a mandatory multi-factor authentication policy, allowing an attacker with valid credentials to bypass MFA and authenticate without completing MFA due to an invalid default MFA value. The available sources d...

8.8CVSS6AI score0.00231EPSS