Page 2 of 14 results (0.011 seconds)

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name. • https://devolutions.net/security/advisories/DEVO-2023-0013 •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. • https://devolutions.net/security/advisories/DEVO-2023-0010 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. • https://devolutions.net/security/advisories/DEVO-2023-0008 • CWE-863: Incorrect Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. • https://devolutions.net/security/advisories/DEVO-2023-0005 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. • https://devolutions.net/security/advisories/DEVO-2023-0003 • CWE-863: Incorrect Authorization •