Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Devolutions_server
(Devolutions)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-20 | CVE-2023-2400 | Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access. | Devolutions_server | 2.7 | ||
| 2021-04-01 | CVE-2021-23921 | An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. | Devolutions_server | 9.1 | ||
| 2021-04-01 | CVE-2021-23923 | An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. | Devolutions_server | 8.1 | ||
| 2021-04-01 | CVE-2021-23924 | An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | Devolutions_server | 7.5 | ||
| 2021-04-01 | CVE-2021-23925 | An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. | Devolutions_server | 6.1 | ||
| 2021-04-14 | CVE-2021-28048 | An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. | Devolutions_server | 6.5 | ||
| 2021-04-14 | CVE-2021-28157 | An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. | Devolutions_server | 7.2 | ||
| 2021-07-12 | CVE-2021-36382 | Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). | Devolutions_server | 3.7 | ||
| 2022-07-06 | CVE-2022-2316 | HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. | Devolutions_server | 5.4 | ||
| 2022-07-07 | CVE-2022-33996 | Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. | Devolutions_server | 8.8 |