
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Apr 2023 — Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. • https://devolutions.net/security/advisories/DEVO-2023-0010 •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Mar 2023 — Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. • https://devolutions.net/security/advisories/DEVO-2023-0008 • CWE-863: Incorrect Authorization •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Mar 2023 — Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. • https://devolutions.net/security/advisories/DEVO-2023-0005 •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Feb 2023 — Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. • https://devolutions.net/security/advisories/DEVO-2023-0003 • CWE-863: Incorrect Authorization •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Feb 2023 — Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. • https://devolutions.net/security/advisories/DEVO-2023-0003 •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Feb 2023 — Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. • https://devolutions.net/security/advisories/DEVO-2023-0003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Feb 2023 — Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. • https://devolutions.net/security/advisories/DEVO-2023-0002 • CWE-284: Improper Access Control •

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 Nov 2022 — Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions, which allows database users to read the data. This issue affects: Remote Desktop Manager 2022.2.26 and prior versions; Devolutions Server 2022.3.1 and prior versions. • https://devolutions.net/security/advisories/DEVO-2022-0009 • CWE-311: Missing Encryption of Sensitive Data • CWE-522: Insufficiently Protected Credentials •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jul 2022 — Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. • https://devolutions.net • CWE-276: Incorrect Default Permissions •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Jul 2022 — HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site. • https://devolutions.net/security/advisories/DEVO-2022-0006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •