All the vulnerabilites related to Devolutions - Devolutions Server
cve-2023-0952
Vulnerability from cvelistv5
Published
2023-02-22 13:51
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
Improper access controls on entries in Devolutions Server
2022.3.12 and earlier could allow an authenticated user to access
sensitive data without proper authorization.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:45.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2023-0003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2022.3.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access controls on entries in Devolutions Server \n2022.3.12 and earlier could allow an authenticated user to access \nsensitive data without proper authorization."
}
],
"value": "Improper access controls on entries in Devolutions Server \n2022.3.12 and earlier could allow an authenticated user to access \nsensitive data without proper authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2023-0952",
"datePublished": "2023-02-22T13:51:39.898Z",
"dateReserved": "2023-02-22T13:18:37.597Z",
"dateUpdated": "2024-08-02T05:32:45.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0953
Vulnerability from cvelistv5
Published
2023-02-22 13:42
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:45.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2023-0003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2022.3.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eInsufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources.\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2023-0953",
"datePublished": "2023-02-22T13:42:04.305Z",
"dateReserved": "2023-02-22T13:27:32.322Z",
"dateUpdated": "2024-08-02T05:32:45.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0661
Vulnerability from cvelistv5
Published
2023-02-03 15:48
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2023-0002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2022.3.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-12T01:45:42.615671Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2023-0661",
"datePublished": "2023-02-03T15:48:17.672Z",
"dateReserved": "2023-02-03T15:24:08.811Z",
"dateUpdated": "2024-08-02T05:17:50.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1201
Vulnerability from cvelistv5
Published
2023-03-06 17:15
Modified
2024-08-02 05:40
Severity ?
EPSS score ?
Summary
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2023-0005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2022.3.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T20:05:13.704141Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0005"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2023-1201",
"datePublished": "2023-03-06T17:15:00.735Z",
"dateReserved": "2023-03-06T15:51:14.721Z",
"dateUpdated": "2024-08-02T05:40:59.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-6512
Vulnerability from cvelistv5
Published
2024-09-25 13:55
Modified
2024-09-25 14:23
Severity ?
EPSS score ?
Summary
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:23:03.639394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:23:13.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2024.2.10.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-25T12:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization bypass in the\u0026nbsp;PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.\n\n\u003cbr\u003e"
}
],
"value": "Authorization bypass in the\u00a0PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:55:28.818Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2024-0013"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2024-6512",
"datePublished": "2024-09-25T13:55:28.818Z",
"dateReserved": "2024-07-04T13:18:53.683Z",
"dateUpdated": "2024-09-25T14:23:13.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5358
Vulnerability from cvelistv5
Published
2023-11-01 17:17
Modified
2024-09-06 18:40
Severity ?
EPSS score ?
Summary
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:43.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2023-0019/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:39:00.410240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:40:19.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2023.2.10.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters."
}
],
"value": "Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T17:18:14.337Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0019/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2023-5358",
"datePublished": "2023-11-01T17:17:31.501Z",
"dateReserved": "2023-10-03T13:22:28.118Z",
"dateUpdated": "2024-09-06T18:40:19.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2445
Vulnerability from cvelistv5
Published
2023-05-02 13:11
Modified
2024-08-02 06:26
Severity ?
EPSS score ?
Summary
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:08.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2023-0013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2023.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name."
}
],
"value": "Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name."
}
],
"providerMetadata": {
"dateUpdated": "2023-05-02T13:11:06.405Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0013/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2023-2445",
"datePublished": "2023-05-02T13:11:06.405Z",
"dateReserved": "2023-05-01T14:10:14.917Z",
"dateUpdated": "2024-08-02T06:26:08.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2316
Vulnerability from cvelistv5
Published
2022-07-06 18:56
Modified
2024-08-03 00:32
Severity ?
EPSS score ?
Summary
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.
References
| ▼ | URL | Tags |
|---|---|---|
| https://devolutions.net/security/advisories/DEVO-2022-0006 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2022-0006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThan": "2022.2",
"status": "affected",
"version": "2022.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTML injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T18:56:20",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://devolutions.net/security/advisories/DEVO-2022-0006"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@devolutions.net",
"ID": "CVE-2022-2316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Devolutions Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.2",
"version_value": "2022.2"
}
]
}
}
]
},
"vendor_name": "Devolutions"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTML injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://devolutions.net/security/advisories/DEVO-2022-0006",
"refsource": "MISC",
"url": "https://devolutions.net/security/advisories/DEVO-2022-0006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2022-2316",
"datePublished": "2022-07-06T18:56:20",
"dateReserved": "2022-07-05T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0951
Vulnerability from cvelistv5
Published
2023-02-22 13:46
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
Improper access controls on some API endpoints in Devolutions Server 2022.3.12
and earlier could allow a standard privileged user to perform privileged
actions.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2023-0003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2022.3.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper access controls on some API endpoints in Devolutions Server 2022.3.12 \nand earlier could allow a standard privileged user to perform privileged \nactions.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Improper access controls on some API endpoints in Devolutions Server 2022.3.12 \nand earlier could allow a standard privileged user to perform privileged \nactions.\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:45:13.020935Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2023-0951",
"datePublished": "2023-02-22T13:46:30.884Z",
"dateReserved": "2023-02-22T13:11:44.596Z",
"dateUpdated": "2024-08-02T05:32:46.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3781
Vulnerability from cvelistv5
Published
2022-11-01 18:28
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.
This issue affects :
Remote Desktop Manager 2022.2.26 and prior versions.
Devolutions Server 2022.3.1 and prior versions.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Remote Desktop Manager | |
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2022-0009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Desktop Manager",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2022.2.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2022.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dashlane password and Keepass Server password in My Account Settings\u0026nbsp; are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.\u003cbr\u003e\u003cbr\u003eThis issue affects : \u003cbr\u003e\u003cdiv\u003eRemote Desktop Manager 2022.2.26 and prior versions.\u003c/div\u003e\u003cdiv\u003eDevolutions Server 2022.3.1 and prior versions.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Dashlane password and Keepass Server password in My Account Settings\u00a0 are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.\n\nThis issue affects : \nRemote Desktop Manager 2022.2.26 and prior versions.\n\nDevolutions Server 2022.3.1 and prior versions.\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-01T18:28:28.590Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2022-0009"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2022-3781",
"datePublished": "2022-11-01T18:28:28.590Z",
"dateReserved": "2022-10-31T19:43:01.182Z",
"dateUpdated": "2024-08-03T01:20:58.271Z",
"requesterUserId": "f8cc67d2-f063-4532-a07d-c228278dd519",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2118
Vulnerability from cvelistv5
Published
2023-04-21 21:52
Modified
2024-08-02 06:12
Severity ?
EPSS score ?
Summary
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Devolutions | Devolutions Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2023-0010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Devolutions Server",
"vendor": "Devolutions",
"versions": [
{
"lessThan": "2023.1.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jico"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient access control\u0026nbsp;in support ticket feature in Devolutions Server\u0026nbsp;2023.1.5.0 and below\u0026nbsp;allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints."
}
],
"value": "Insufficient access control\u00a0in support ticket feature in Devolutions Server\u00a02023.1.5.0 and below\u00a0allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:48:35.982Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2023-2118",
"datePublished": "2023-04-21T21:52:14.163Z",
"dateReserved": "2023-04-17T12:42:59.155Z",
"dateUpdated": "2024-08-02T06:12:20.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}