Devolutions Server Security Vulnerabilities and Issues — Devolutions Server CVE List

Lucene search

DevolutionsDevolutions Server

7 matches found

CVE•added 2021/04/01 10:15 p.m.•259 views

CVE-2021-23925

An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document.

6.1CVSS6AI score0.00285EPSS

CVE•added 2021/04/01 10:15 p.m.•73 views

CVE-2021-23924

An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.

7.5CVSS7.3AI score0.00322EPSS

CVE•added 2021/04/01 10:15 p.m.•67 views

CVE-2021-23921

An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements.

9.1CVSS9.1AI score0.00282EPSS

CVE•added 2021/04/01 10:15 p.m.•67 views

CVE-2021-23923

An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.

8.1CVSS8AI score0.00183EPSS

CVE•added 2021/04/14 8:15 p.m.•60 views

CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.

7.2CVSS7.6AI score0.00242EPSS

CVE•added 2021/04/14 8:15 p.m.•53 views

CVE-2021-28048

An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.1AI score0.00148EPSS

CVE•added 2021/07/12 2:15 p.m.•37 views

CVE-2021-36382

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).

4.3CVSS4.3AI score0.00131EPSS