CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5240
https://notcve.org/view.php?id=CVE-2023-5240
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. El control de acceso inadecuado en los scripts de propagación de PAM en Devolutions Server 2023.2.8.0 y anteriores permite un ataque con permiso para administrar los scripts de propagación de PAM para recuperar las contraseñas almacenadas en él mediante una solicitud GET. • https://devolutions.net/security/advisories/DEVO-2023-0017 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4417
https://notcve.org/view.php?id=CVE-2023-4417
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. • https://devolutions.net/security/advisories/DEVO-2023-0015 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4373
https://notcve.org/view.php?id=CVE-2023-4373
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. • https://devolutions.net/security/advisories/DEVO-2023-0015 • CWE-287: Improper Authentication •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2400
https://notcve.org/view.php?id=CVE-2023-2400
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access. • https://devolutions.net/security/advisories/DEVO-2023-0014 • CWE-459: Incomplete Cleanup •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2445
https://notcve.org/view.php?id=CVE-2023-2445
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name. • https://devolutions.net/security/advisories/DEVO-2023-0013 •