Lucene search
+L
DevolutionsDevolutions Server

15 matches found

CVE
CVE
added 2024/03/26 3:51 p.m.85 views

CVE-2024-2921

The CVE concerns Devolutions Server (version family up to 2024.1.10.0) with an improper access control flaw in PAM vault permissions. An authenticated user who can access the PAM may reach unauthorized PAM entries due to the misconfigured permissions. Documents consistently describe the affected ...

9.8CVSS6.5AI score0.00794EPSS
CVE
CVE
added 2024/03/26 3:51 p.m.72 views

CVE-2024-2915

CVE-2024-2915 affects Devolutions Server up to version 2024.1.6, where a flaw in the PAM JIT elevation feature permits an attacker with PAM JIT access to elevate to unauthorized groups via a specially crafted request. The issue is categorized as improper access control; CVSS v3.1 base score 8.8 (...

8.8CVSS6.7AI score0.00647EPSS
CVE
CVE
added 2024/03/05 9:33 p.m.70 views

CVE-2024-1901

CVE-2024-1901 describes a denial of service in Devolutions Server 2023.3.14.0 during PAM password rotation in the check-in process. An authenticated user with specific PAM permissions can render PAM credentials unavailable. The CVSS vector indicates network access, low attack complexity, and low ...

4.3CVSS6.7AI score0.00339EPSS
CVE
CVE
added 2024/03/05 9:35 p.m.63 views

CVE-2024-1764

CVE-2024-1764 affects Devolutions Server 2023.3.14.0 and earlier, due to improper privilege management in the Just-in-time (JIT) elevation module. The root cause is the JIT privilege handling, which allows a user to continue using elevated privileges after expiration under certain circumstances. ...

7.6CVSS6.7AI score0.00362EPSS
CVE
CVE
added 2024/12/04 5:17 p.m.62 views

CVE-2024-12196

CVE-2024-12196 affects Devolutions Server 2024.3.7.0 and earlier due to incorrect authorization in the permissions component, allowing an authenticated user to view the password history of an entry without the view password permission. Documents identify the affected software and the underlying c...

6.5CVSS6.9AI score0.00455EPSS
CVE
CVE
added 2024/12/04 5:18 p.m.58 views

CVE-2024-12148

CVE-2024-12148 affects Devolutions Server 2024.3.6.0 and earlier. The root cause is incorrect authorization in the permission validation component, allowing an authenticated user to access some reporting endpoints. Impact is limited to unauthorized access to reporting data as described in multipl...

4.3CVSS6.8AI score0.00357EPSS
CVE
CVE
added 2024/12/04 5:17 p.m.58 views

CVE-2024-12151

CVE-2024-12151 affects Devolutions Server (versions 2024.3.8.0 and earlier) due to an incorrect permission assignment in the User Migration feature, allowing users to retain their old permission sets. The vulnerable component is the User Migration feature; root cause: incorrect permission handlin...

5CVSS6.9AI score0.00268EPSS
CVE
CVE
added 2024/05/17 3:18 p.m.55 views

CVE-2024-5072

The CVE-2024-5072 entry describes a vulnerability in Devolutions Server (versions up to 2024.1.11.0) where improper input validation in the PAM JIT elevation feature allows an authenticated user to manipulate LDAP filter queries through a specially crafted request. Documented details include affe...

6.5CVSS6.6AI score0.00678EPSS
CVE
CVE
added 2024/11/12 3:52 p.m.54 views

CVE-2024-10971

CVE-2024-10971 affects Devolutions DVLS 2024.3.6 and earlier: an improper access control in the Password History feature allows a malicious authenticated user to obtain sensitive data via faulty permissions. Red Hat and Nessus/Nessus-derived sources corroborate information disclosure in DVLS 2024...

4.3CVSS6.1AI score0.0051EPSS
CVE
CVE
added 2024/03/05 9:35 p.m.53 views

CVE-2024-1898

CVE-2024-1898 : Devolutions Server (versions up to 2023.3.14.0) has improper access control in the notification feature, allowing a low-privileged user to change administrator-configured notification settings. The root cause is access control weakness that lets non-admins modify admin-defined con...

4.3CVSS6.6AI score0.00204EPSS
CVE
CVE
added 2024/09/25 1:55 p.m.52 views

CVE-2024-6512

CVE-2024-6512: Affects Devolutions Server 2024.2.10 and earlier. The issue is an authorization bypass in the PAM access request approval mechanism that lets authenticated users with approval permissions approve their own requests, bypassing security restrictions. Impact described as an integrity ...

6.5CVSS6.9AI score0.00298EPSS
CVE
CVE
added 2024/03/05 9:34 p.m.50 views

CVE-2024-1900

This CVE affects Devolutions Server (versions up to 2023.3.14.0) where improper session management in the identity provider authentication flow can allow an authenticated user, validated via an external IdP (e.g., Okta or O365), to remain authenticated after their identity is disabled or deleted....

5.5CVSS6.8AI score0.00228EPSS
CVE
CVE
added 2024/04/09 7:1 p.m.46 views

CVE-2024-3545

CVE-2024-3545 involves Devolutions Remote Desktop Manager (Windows) version 2024.1.20 and earlier, and Devolutions Server version 2024.1.8 and earlier. The vulnerability stems from improper permission handling in the vault offline cache feature, which could allow an attacker with access to the in...

4.3CVSS6.7AI score0.00281EPSS
CVE
CVE
added 2024/06/25 12:18 p.m.46 views

CVE-2024-4846

CVE-2024-4846 describes an authentication bypass in the 2FA feature of Devolutions Server, affected versions 2024.1.14.0 and earlier. An authenticated attacker can sign in as another user without being prompted for 2FA via another browser tab. The available connected documents confirm the vulnera...

6.3CVSS6.8AI score0.00386EPSS
CVE
CVE
added 2024/04/09 6:42 p.m.41 views

CVE-2024-2918

CVE-2024-2918 affects Devolutions Server 2024.1.6 and earlier, via improper input validation in the PAM JIT elevation feature. The issue allows an attacker with access to PAM JIT elevation to forge the displayed group in the PAM JIT elevation checkout request through a specially crafted request. ...

3.6CVSS6.7AI score0.00245EPSS