CVE-2023-2445
https://notcve.org/view.php?id=CVE-2023-2445
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name. • https://devolutions.net/security/advisories/DEVO-2023-0013
CVE-2023-2118
https://notcve.org/view.php?id=CVE-2023-2118
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. • https://devolutions.net/security/advisories/DEVO-2023-0010
CVE-2023-1603
https://notcve.org/view.php?id=CVE-2023-1603
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. • https://devolutions.net/security/advisories/DEVO-2023-0008 • CWE-863: Incorrect Authorization
CVE-2023-1201
https://notcve.org/view.php?id=CVE-2023-1201
Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. • https://devolutions.net/security/advisories/DEVO-2023-0005
CVE-2023-0952
https://notcve.org/view.php?id=CVE-2023-0952
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. • https://devolutions.net/security/advisories/DEVO-2023-0003 • CWE-863: Incorrect Authorization