14 matches found
CVE-2021-23923
The CVE concerns Devolutions Server prior to 2020.3 with a Broken Authentication issue involving Windows domain users. Public documents identify affected software and the vulnerability type but do not provide exploit details, exact root cause, or remediation steps within the supplied sources. Mon...
CVE-2024-2915
CVE-2024-2915 affects Devolutions Server up to version 2024.1.6, where a flaw in the PAM JIT elevation feature permits an attacker with PAM JIT access to elevate to unauthorized groups via a specially crafted request. The issue is categorized as improper access control; CVSS v3.1 base score 8.8 (...
CVE-2022-33996
CVE-2022-33996 affects Devolutions Server older than 2022.2. The issue is incorrect permission management where a new user with a preexisting username inherits the permissions of the previous user. Documented impact includes potential confidentiality, integrity, and availability concerns, with CV...
CVE-2025-2280
In Devolutions Server, CVE-2025-2280 corresponds to improper access control in the Web Extension Restrictions feature, affecting version 2024.3.4.0 and earlier. An authenticated user can bypass the browser extension restriction, per sources describing this vulnerability. The provided documents co...
CVE-2023-0951
CVE-2023-0951 affects Devolutions Server 2022.3.12 and earlier, due to improper access controls on certain API endpoints. A standard privileged user could perform privileged actions, with impact described as high for confidentiality, integrity, and availability. The provided documents identify th...
CVE-2025-4433
CVE-2025-4433 affects Devolutions Server (versions 2025.1.7.0 and earlier). The vulnerability arises from improper access control in User Group Management, enabling a non-administrative user who has both User Management and User Group Management permissions to escalate privileges by adding users ...
CVE-2023-0953
The CVE concerns Devolutions Server (version 2022.3.12 and earlier). The root cause is insufficient input sanitization in the documentation feature, enabling an authenticated attacker to perform an SQL Injection and potentially access system resources. Impact is described as high (C/H/I/A), with ...
CVE-2025-13757
CVE-2025-13757 affects Devolutions Server. The issue is an SQL injection in the last usage logs, exploitable across affected builds through 2025.2.20 and 2025.3.8. CVSS v3.1 base score 8.8 (NETWORK, LOW complexity, LOW privileges, no user interaction). Impact is high on confidentiality, integrity...
CVE-2025-11619
The CVE-2025-11619 entry affects Devolutions Server. Affected component: the server’s gateway connection path where improper certificate validation occurs during gateway connections. Root cause: improper certificate validation enables a man-in-the-middle position to intercept traffic when establi...
CVE-2026-4924
CVE-2026-4924 describes an improper authentication in the 2FA feature of Devolutions Server prior to 2026.1.12 (also before 2026.1.11 per advisories), where a remote actor with valid credentials can bypass MFA by reusing a partially authenticated session token, enabling unauthorized access to a v...
CVE-2026-4434
CVE-2026-4434: Improper certificate validation in PAM propagation WinRM connections enables a network attacker to perform a man-in-the-middle attack when TLS certificate verification is disabled. Documented across multiple feeds (Red Hat, EUVD, NVD, etc.) with a high impact concern (CVSS 8.1). Af...
CVE-2025-12485
CVE-2025-12485 affects Devolutions Server, with vulnerable cookie handling in pre-MFA flow. A low-privileged authenticated user can impersonate another account by replaying the pre-MFA cookie; MFA verification is not bypassed. Affected versions include Devolutions Server 2025.3.2.0–2025.3.5.0 and...
CVE-2026-4828
Summary (CVE-2026-4828) : Devolutions Server prior to 2026.1.12 is affected by an improper authentication flaw in the OAuth login flow that enables a remote attacker with valid credentials to bypass MFA via a crafted login request. Affected versions include 2026.1.11 and earlier. The issue is mit...
CVE-2026-14536
CVE-2026-14536 affects Devolutions Server 2026.2.9.0. The issue is improper enforcement of a mandatory multi-factor authentication policy, allowing an attacker with valid credentials to bypass MFA and authenticate without completing MFA due to an invalid default MFA value. The available sources d...