CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1231
https://notcve.org/view.php?id=CVE-2025-1231
11 Feb 2025 — Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality. • https://devolutions.net/security/advisories/DEVO-2025-0002 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11621
https://notcve.org/view.php?id=CVE-2024-11621
10 Feb 2025 — Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier Remote Desktop Manager Powershell 2024.3.6.0 and earlier Missing certificate vali... • https://devolutions.net/security/advisories/DEVO-2025-0001 • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1193
https://notcve.org/view.php?id=CVE-2025-1193
10 Feb 2025 — Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host. • https://devolutions.net/security/advisories/DEVO-2025-0001 • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12149
https://notcve.org/view.php?id=CVE-2024-12149
04 Dec 2024 — Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. La asignación incorrecta de permisos en el componente de solicitudes de acceso temporal en Devolutions Remote Desktop Manager 2024.3.19.0 y versiones anteriores en Windows permite que un usuario autenticado que solicita permisos temporales en una ent... • https://devolutions.net/security/advisories/DEVO-2024-0017 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11670
https://notcve.org/view.php?id=CVE-2024-11670
25 Nov 2024 — Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. • https://devolutions.net/security/advisories/DEVO-2024-0015 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11671
https://notcve.org/view.php?id=CVE-2024-11671
25 Nov 2024 — Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. • https://devolutions.net/security/advisories/DEVO-2024-0016 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11672
https://notcve.org/view.php?id=CVE-2024-11672
25 Nov 2024 — Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature. • https://devolutions.net/security/advisories/DEVO-2024-0016 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7421
https://notcve.org/view.php?id=CVE-2024-7421
25 Sep 2024 — An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions • https://devolutions.net/security/advisories/DEVO-2024-0014 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6512
https://notcve.org/view.php?id=CVE-2024-6512
25 Sep 2024 — Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM... • https://devolutions.net/security/advisories/DEVO-2024-0013 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6354
https://notcve.org/view.php?id=CVE-2024-6354
26 Jun 2024 — Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard. El control de acceso inadecuado en el panel de PAM en Devolutions Remote Desktop Manager 2024.2.11 y versiones anteriores en Windows permite a un usuario autenticado omitir el permiso de ejecución mediante el uso del panel de PAM. • https://devolutions.net/security/advisories/DEVO-2024-0010 • CWE-1262: Improper Access Control for Register Interface •