Lucene search
K
DevolutionsDevolutions Server

7 matches found

CVE
CVE
added 2021/04/01 9:50 p.m.271 views

CVE-2021-23925

Devolutions Server (prior to version 2020.3) contains a cross-site scripting (XSS) vulnerability in Document entries. The issue affects the Document-type data handling and allows injecting JavaScript code, as described across multiple CVE references (CVE-2021-23925) with CVSS v3.1 base score 6.1 ...

6.1CVSS6AI score0.00588EPSS
CVE
CVE
added 2021/04/01 9:48 p.m.87 views

CVE-2021-23924

Summary: Devolutions Server prior to 2020.3 contains an information-disclosure vulnerability where diagnostic files expose sensitive data. Affected product: Devolutions Server (versions before 2020.3). Vulnerability: Exposure of sensitive information in diagnostic files. Root cause stated as info...

7.5CVSS7.3AI score0.00998EPSS
CVE
CVE
added 2021/04/01 9:44 p.m.79 views

CVE-2021-23923

The CVE concerns Devolutions Server prior to 2020.3 with a Broken Authentication issue involving Windows domain users. Public documents identify affected software and the vulnerability type but do not provide exploit details, exact root cause, or remediation steps within the supplied sources. Mon...

8.1CVSS8AI score0.00758EPSS
CVE
CVE
added 2021/04/01 9:46 p.m.77 views

CVE-2021-23921

CVE-2021-23921 affects Devolutions Server prior to 2020.3. The issue is broken access control on Password List entry elements, as described in the CVE entry and corroborated by NVD/related records. The connected documents confirm the affected software and the underlying flaw (inadequate access re...

9.1CVSS9.1AI score0.00998EPSS
CVE
CVE
added 2021/04/14 7:40 p.m.76 views

CVE-2021-28157

CVE-2021-28157 affects Devolutions Server and Devolutions Server LTS. The vulnerability is a SQL injection in the API endpoint api/security/userinfo/delete that allows an administrative user to execute arbitrary SQL commands. Affected versions are Devolutions Server before 2021.1 and Devolutions ...

7.2CVSS7.6AI score0.00837EPSS
CVE
CVE
added 2021/04/14 7:37 p.m.65 views

CVE-2021-28048

The CVE-2021-28048 entry concerns Devolutions Server (versions prior to 2021.1 and Devolutions Server LTS prior to 2020.3.18). The root cause is an overly permissive Cross-Origin Resource Sharing (CORS) policy that allows a remote attacker to leak cross-origin data via a specially crafted HTML pa...

6.5CVSS6.1AI score0.00567EPSS
CVE
CVE
added 2021/07/12 1:4 p.m.51 views

CVE-2021-36382

CVE-2021-36382 affects Devolutions Server prior to 2021.1.18 and LTS prior to 2020.3.20. The issue allows interception of private keys via a man-in-the-middle attack against the connections/partial endpoint, which accepts plaintext. Affected components and exact root cause are described across mu...

4.3CVSS4.3AI score0.00478EPSS