CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0951
https://notcve.org/view.php?id=CVE-2023-0951
22 Feb 2023 — Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. • https://devolutions.net/security/advisories/DEVO-2023-0003 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0953
https://notcve.org/view.php?id=CVE-2023-0953
22 Feb 2023 — Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. • https://devolutions.net/security/advisories/DEVO-2023-0003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0661
https://notcve.org/view.php?id=CVE-2023-0661
03 Feb 2023 — Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. • https://devolutions.net/security/advisories/DEVO-2023-0002 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3781
https://notcve.org/view.php?id=CVE-2022-3781
01 Nov 2022 — Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. La contraseña de Dashlane y la contraseña del Keepass Server en My Account Settings no están cifradas en la base de datos e... • https://devolutions.net/security/advisories/DEVO-2022-0009 • CWE-311: Missing Encryption of Sensitive Data CWE-522: Insufficiently Protected Credentials •